Solved Cannot start MS Security Essentials or Windows Firewall

J

JimWol

Posts: 12   +0
I had the SIREFEF.Y virus and thought I had removed it a week ago but now the initial symptoms are back - MS Security essentials wont run nor will Windows Firewall.

I have carried out the '5-step Viruses/Spyware/Malware Preliminary Removal Instructions' and the logs are here :-

MalAware Bytes 'protection-log-2012-06-24.log
2012/06/24 13:48:37 +0100 DESKTOP Jim MESSAGE Starting protection
2012/06/24 13:48:39 +0100 DESKTOP Jim MESSAGE Protection started successfully
2012/06/24 13:48:42 +0100 DESKTOP Jim MESSAGE Starting IP protection
2012/06/24 13:48:42 +0100 DESKTOP Jim ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/24 13:58:42 +0100 DESKTOP Jim MESSAGE Starting protection
2012/06/24 13:58:48 +0100 DESKTOP Jim MESSAGE Protection started successfully
2012/06/24 13:58:51 +0100 DESKTOP Jim MESSAGE Starting IP protection
2012/06/24 13:58:51 +0100 DESKTOP Jim ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/24 14:12:07 +0100 DESKTOP Jim DETECTION C:\Windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/24 14:15:37 +0100 DESKTOP Jim DETECTION C:\Windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\800000cb.@ Rootkit.0Access DENY
GMER Log - gmer.log
(Nothing recorded)

DDS.Txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jim at 16:36:31 on 2012-06-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8190.5381 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\PDF Suite 2011\ConversionService.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRAM FILES (X86)\COMMON FILES\APPLE\INTERNET SERVICES\APPLEPHOTOSTREAMS.EXE
C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSOSYNC.EXE
C:\PROGRAM FILES (X86)\SEAGATE\DISCWIZARD\TIMOUNTERMONITOR.EXE
C:\PROGRAM FILES (X86)\SEAGATE\DISCWIZARD\DISCWIZARDMONITOR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRAM FILES\SAITEK\SD6\SOFTWARE\SAIMFD.EXE
C:\PROGRAM FILES\SAITEK\SD6\SOFTWARE\PROFILERU.EXE
C:\PROGRAM FILES\BT BROADBAND DESKTOP HELP\BTBB\BTHELPNOTIFIER.EXE
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\PROGRAM FILES (X86)\COMMON FILES\APPLE\INTERNET SERVICES\UBD.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.bt.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1AD61D5B-58A3-4592-9B34-DC84688FF805} - No File
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xinside.exe
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6C836DBD-A9CF-4195-95B6-C1E8B22C2D19} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B9604B64-AC0B-4331-AA12-834834DEFF9C} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D57DEE4B-58E2-4A3C-A189-5276749522E7} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1AD61D5B-58A3-4592-9B34-DC84688FF805} - No File
BHO-X64: PDF Suite Helper - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO-X64: eSnipBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [JMB36X IDE Setup] c:\windows\raidtool\xinside.exe
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\system32\drivers\hcw88aud.sys --> C:\Windows\system32\drivers\hcw88aud.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-25 913792]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-29 820568]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s --> C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-24 654408]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-12 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-13 2214504]
R2 PDF Suite 2011 Service;PDF Suite 2011 Service;C:\Program Files (x86)\PDF Suite 2011\ConversionService.exe [2010-10-13 791360]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2011-4-7 36864]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\system32\drivers\hcw88bda.sys --> C:\Windows\system32\drivers\hcw88bda.sys [?]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\system32\drivers\hcw88tse.sys --> C:\Windows\system32\drivers\hcw88tse.sys [?]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\system32\drivers\hcw88tun.sys --> C:\Windows\system32\drivers\hcw88tun.sys [?]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\system32\drivers\hcw88vid.sys --> C:\Windows\system32\drivers\hcw88vid.sys [?]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\system32\drivers\HCW88BAR.sys --> C:\Windows\system32\drivers\HCW88BAR.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257224]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\system32\Drivers\CH341S64.SYS --> C:\Windows\system32\Drivers\CH341S64.SYS [?]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-7-22 20336]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-7-22 33184]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
S3 SaiH353E;SaiH353E;C:\Windows\system32\DRIVERS\SaiH353E.sys --> C:\Windows\system32\DRIVERS\SaiH353E.sys [?]
S3 SaiHF51A;SaiHF51A;C:\Windows\system32\DRIVERS\SaiHF51A.sys --> C:\Windows\system32\DRIVERS\SaiHF51A.sys [?]
S3 SaiUF51A;SaiUF51A;C:\Windows\system32\DRIVERS\SaiUF51A.sys --> C:\Windows\system32\DRIVERS\SaiUF51A.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-7-22 21328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-24 12:48:05 -------- d-----w- C:\Users\Jim\AppData\Roaming\Malwarebytes
2012-06-24 12:48:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-24 12:48:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-24 12:48:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 23:35:02 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E87E0F6F-9922-4F6D-95AD-B7A2B2A6ED6C}\mpengine.dll
2012-06-21 14:06:36 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 09:07:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 09:07:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 09:06:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 09:06:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 15:28:20 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-14 15:24:51 -------- d-----w- C:\Program Files (x86)\AirPort
2012-06-14 08:53:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-14 08:07:17 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-12 22:55:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-12 22:55:38 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-12 22:51:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 22:51:34 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 22:51:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:51:26 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 22:51:21 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 22:51:20 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 22:51:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:51:16 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 22:51:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 22:51:09 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 22:51:08 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 22:50:48 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 22:50:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 22:50:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 22:50:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 22:50:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 22:50:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 17:54:14 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:54:14 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CA465F2-8CEB-4A42-9D21-561AE0F451A0}\gapaengine.dll
2012-06-11 22:25:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-11 22:25:19 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-07 22:58:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-07 14:39:34 -------- d-----w- C:\SC2-WingsOfLiberty-enGB-Installer
2012-06-07 14:32:02 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-06-07 14:32:02 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-06-07 14:32:02 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
.
==================== Find3M ====================
.
2012-06-23 13:28:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:28:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-21 15:37:16 28640 ----a-w- C:\Windows\System32\DriveCleanup.exe
2012-06-07 10:00:07 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:36:45.21 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/01/2009 19:53:47
System Uptime: 06/24/2012 13:57:15 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89TD PRO USB3
Processor: AMD Phenom(tm) II X6 1100T Processor | AM3 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 522 GiB total, 265.589 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 61.86 GiB free.
G: is FIXED (NTFS) - 931 GiB total, 566.771 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 177.543 GiB free.
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 454.685 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8176\00E04C000001
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8176\00E04C000001
Service: RTL8192cu
.
==== System Restore Points ===================
.
RP810: 06/14/2012 14:11:10 - ComboFix created restore point
RP811: 06/16/2012 11:29:54 - Windows Update
RP812: 06/18/2012 18:47:28 - Windows Backup
RP813: 06/19/2012 18:52:36 - Windows Update
RP814: 06/20/2012 14:08:12 - Installed U3Launcher
RP815: 06/20/2012 14:11:15 - Installed U3Launcher
RP816: 06/21/2012 10:06:16 - Windows Update
RP818: 06/21/2012 12:14:29 - Removed U3Launcher
RP819: 06/21/2012 13:14:40 - Installed U3Launcher
RP820: 06/21/2012 15:21:54 - Installed U3Launcher
RP821: 06/21/2012 17:31:03 - Removed U3Launcher
RP823: 06/22/2012 00:04:26 - Microsoft Antimalware Checkpoint
RP824: 06/23/2012 00:34:42 - Windows Update
RP826: 06/23/2012 14:26:40 - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader X (10.1.3)
Advanced SystemCare 5
aioscnnr
AirPort
AMD Processor Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ASUSUpdate
Audacity 1.3.14 (Unicode)
Aura Software Manager 1.0.3
Aura YouTube Downloader 1.0.8
Belarc Advisor 8.1
BT Broadband Desktop Help
BTHomeHub
C4USelfUpdater
calibre
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Canon CanoScan Toolbox 5.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD-LabelPrint
center
Chrono Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combro cb625 Air Gun Support
Cool & Quiet
CoreAAC
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DFU Mode Application
Documents To Go Desktop for iPhone
Dual-Core Optimizer
Elements 9 Organizer
Elements STI Installer
essentials
EvilLyrics
Express Gate
Fallout 3
Fallout: New Vegas
Foxreal YouTube FLV Downloader version: 1.0.1.1
FUJIFILM MyFinePix Studio 3.2
GOM Player
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Half-Life 2: Episode Two
HD Tune 2.55
HD Tune Pro 5.00
HydraVision
iGadget 6.5.2
IObit Malware Fighter
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 24
JMicron JMB36X Driver
Junk Mail filter update
KODAK AiO Software
KODAK Cloud Software Connector
LAME v3.98.3 for Audacity
Lexmark 1400 Series
MacroKey Manager
Malwarebytes Anti-Malware version 1.61.0.1400
MediaMonkey 4.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MotoHelper MergeModules
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
NEF Codec
neroxml
Notepad++
NVIDIA PhysX
ocr
OpenAL
PDF Suite 2011
PlayerLiteHJ 1.0.2.2.LHJ
PreReq
Protected Folder
QuickTime
RAF
RAGE
Rapture3D 2.4.8 Game
RAW FILE CONVERTER EX powered by SILKYPIX
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
REALTEK Wireless LAN Driver and Utility
Renesas Electronics USB 3.0 Host Controller Driver
RoadPilot Software Suite
Safari
ScanAndSave 2.0
Seagate DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
Smart Defrag 2
SmartSound Quicktracks for Premiere Elements 9.0
SmartWitness Analysis Software 2.0.8.0
StarCraft II
Steam
The Elder Scrolls IV: Oblivion
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Video Viewer
Visual C++ 8.0 Runtime Setup Package (x64)
Vuze
WePrint
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
06/24/2012 15:59:51, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
06/24/2012 14:21:41, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
06/24/2012 14:21:41, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
06/24/2012 13:58:05, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
06/24/2012 13:58:02, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
06/24/2012 13:58:01, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
06/24/2012 13:58:00, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
06/24/2012 13:56:12, Error: Service Control Manager [7031] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/24/2012 12:38:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
06/24/2012 12:26:02, Error: Disk [15] - The device, \Device\Harddisk4\DR4, is not ready for access yet.
06/24/2012 12:26:02, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
06/24/2012 00:36:26, Error: Service Control Manager [7000] - The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
06/23/2012 11:27:35, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023828.
06/23/2012 11:27:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {6F7C8E8F-DC69-4E3F-BC05-439962A05FD5}
06/22/2012 11:38:33, Error: volsnap [27] - The shadow copies of volume I: were aborted during detection because a critical control file could not be opened.
06/22/2012 00:08:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR9.
06/21/2012 16:24:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR11.
06/21/2012 15:25:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR10.
06/21/2012 15:17:09, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
06/21/2012 14:59:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
06/21/2012 14:56:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nCU service.
06/21/2012 14:44:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR15.
06/21/2012 14:24:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR14.
06/21/2012 14:19:29, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR13.
06/21/2012 14:18:43, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR12.
06/21/2012 14:16:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR11.
06/21/2012 14:15:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR10.
06/21/2012 14:09:03, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR9.
06/21/2012 13:08:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR8.
06/21/2012 12:13:44, Error: volsnap [14] - The shadow copies of volume I: were aborted because of an IO failure on volume I:.
06/21/2012 12:13:44, Error: volsnap [1] - The shadow copy of volume I: could not create shadow copy storage on volume I:.
06/21/2012 12:01:51, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
06/19/2012 19:00:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
06/19/2012 19:00:06, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
p4494882.gif


You posted DDS logs already.
Then the other log you posted is not a real log from MBAM.
GMER log is missing.

I'm removing duplicate logs.
 
Hi Broni

Sorry for the confusion. The MBAM log is posted below but when I run GMER, the log is blank I.e. there is nothing recorded.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: DESKTOP [administrator]
Protection: Enabled
06/24/2012 19:20:28
mbam-log-2012-06-24 (19-20-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286632
Time elapsed: 6 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
The contents of the FRST.txt are -

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 24-06-2012 20:01:52
Running from J:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [357888 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2009-06-03] (Saitek)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [MacroKeyManager] WTMKM.exe [x]
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873288 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [136544 2009-10-16] (Seagate)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1325936 2009-10-16] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [904840 2009-10-16] (Acronis)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [992648 2012-05-25] (Spigot, Inc.)
HKLM-x32\...\Run: [XoftSpySE] "C:\Program Files (x86)\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash [4861720 2010-09-29] (ParetoLogic Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Jim\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Jim\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-09-29] (Valve Corporation)
HKU\Jim\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [417112 2011-08-09] (IObit)
HKU\Jim\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-09] (Google Inc.)
HKU\Jim\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jim\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jim\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-23] (Apple Inc.)
HKU\Jim\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Josh\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-09] (Google Inc.)
HKU\Josh\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1828136 2008-02-28] (Nero AG)
HKU\Josh\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Josh\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-09-29] (Valve Corporation)
HKU\Josh\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [417112 2011-08-09] (IObit)
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-09] (Google Inc.)
HKU\UpdatusUser\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1828136 2008-02-28] (Nero AG)
HKU\UpdatusUser\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-09-29] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [417112 2011-08-09] (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Lsa: [Authentication Packages] msv1_0
relog_ap
Startup: C:\Users\Jim\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ======
2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-29] (Adobe Systems Incorporated)
2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [328536 2011-08-09] (IObit)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [571288 2010-06-09] (Affinegy, Inc.)
2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [785344 2012-05-25] (Spigot, Inc.)
2 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 2010-02-17] ()
2 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [55296 2010-02-09] ()
2 DvmMDES; "C:\ASUS.SYS\config\DVMExportService.exe" [319488 2009-10-16] (DeviceVM, Inc.)
2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [820568 2011-07-20] (IObit)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [393648 2011-09-05] (Eastman Kodak Company)
2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s [1526192 2011-09-25] ()
2 lxdj_device; C:\Windows\system32\lxdjcoms.exe -service [567216 2007-06-11] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [529704 2008-02-28] (Nero AG)
2 PDF Suite 2011 Service; "C:\Program Files (x86)\PDF Suite 2011\ConversionService.exe" [791360 2010-10-13] (Interactive Brands Inc.)
2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [606048 2009-10-16] (Seagate)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
2 WTService; C:\Windows\System32\atwtusb.exe -s [665320 2010-01-27] ()
3 XoftSpyService; "C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe" [582424 2010-09-29] (ParetoLogic Inc.)
========================== Drivers (Whitelisted) =============
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-23] (Advanced Micro Devices)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-05] ()
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [20336 2011-07-11] ()
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
1 HCW88AUD; C:\Windows\System32\Drivers\HCW88AUD.sys [16128 2009-08-06] (Hauppauge Computer Works, Inc)
3 HCW88BDA; C:\Windows\System32\Drivers\HCW88BDA.sys [257664 2009-08-06] (Hauppauge Computer Works, Inc)
3 HCW88TSE; C:\Windows\System32\Drivers\HCW88TSE.sys [339840 2009-08-06] (Hauppauge Computer Works, Inc)
3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [110080 2009-08-06] (Hauppauge Computer Works, Inc.)
3 hcw88vid; C:\Windows\System32\Drivers\hcw88vid.sys [440064 2009-08-06] (Hauppauge Computer Works, Inc)
3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [21632 2009-08-06] (Hauppauge Computer Works, Inc.)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [115824 2010-01-11] (JMicron Technology Corp.)
3 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )
3 SaiH353E; C:\Windows\System32\Drivers\SaiH353E.sys [178560 2008-04-04] (Saitek)
3 SaiHF51A; C:\Windows\System32\Drivers\SaiHF51A.sys [175880 2007-05-31] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [16000 2009-06-10] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43264 2009-06-10] (Saitek)
3 SaiUF51A; C:\Windows\System32\Drivers\SaiUF51A.sys [34432 2007-05-31] (Saitek)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2011-11-25] (Acronis)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2011-11-25] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2011-11-25] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2011-11-25] (Acronis)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21328 2011-03-22] (IObit.com)
3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-24 13:34 - 2012-06-24 20:02 - 00000000 ____D C:\FRST
2012-06-12 02:11 - 2012-06-12 02:11 - 00001805 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-12 02:10 - 2012-06-12 02:11 - 00000000 ____D C:\Program Files\iTunes
2012-06-12 02:10 - 2012-06-12 02:10 - 00000000 ____D C:\Program Files\iPod
2012-06-12 02:06 - 2012-06-12 02:06 - 00000000 ____D C:\Program Files (x86)\AirPort
2012-06-12 02:05 - 2012-06-12 02:05 - 00001867 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-12 02:05 - 2012-06-12 02:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-12 01:40 - 2012-06-12 01:40 - 00001068 ____A C:\Users\Public\Desktop\XoftSpySE.lnk
2012-06-12 01:40 - 2012-06-12 01:40 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000438 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000396 ____A C:\Windows\Tasks\XoftSpySE.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Users\All Users\XoftSpySE
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Program Files (x86)\XoftSpySE6
2012-06-12 01:00 - 2012-06-12 01:00 - 00001221 ____A C:\Users\Jim\Desktop\SpeedyPC Pro.lnk
2012-06-12 01:00 - 2012-06-12 01:00 - 00000488 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000460 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000416 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\Jim\AppData\Roaming\SpeedyPC Software
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\Jim\AppData\Roaming\DriverCure
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-06-12 00:53 - 2012-06-12 00:53 - 00000000 ____D C:\Program Files (x86)\IObit Toolbar
2012-06-12 00:53 - 2012-06-12 00:53 - 00000000 ____D C:\Program Files (x86)\Application Updater
============ 3 Months Modified Files and Folders =============
2012-06-12 04:22 - 2009-12-01 09:56 - 01160407 ____A C:\Windows\WindowsUpdate.log
2012-06-12 03:27 - 2009-12-24 01:44 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 02:11 - 2012-06-12 02:11 - 00001805 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-12 02:11 - 2012-06-12 02:10 - 00000000 ____D C:\Program Files\iTunes
2012-06-12 02:11 - 2011-10-12 23:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-12 02:10 - 2012-06-12 02:10 - 00000000 ____D C:\Program Files\iPod
2012-06-12 02:06 - 2012-06-12 02:06 - 00000000 ____D C:\Program Files (x86)\AirPort
2012-06-12 02:05 - 2012-06-12 02:05 - 00001867 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-12 02:05 - 2012-06-12 02:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-12 02:03 - 2011-02-04 04:37 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-12 02:03 - 2011-02-04 04:37 - 00000000 ____D C:\Program Files (x86)\Safari
2012-06-12 02:02 - 2010-03-20 07:23 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Apple Computer
2012-06-12 01:40 - 2012-06-12 01:40 - 00001068 ____A C:\Users\Public\Desktop\XoftSpySE.lnk
2012-06-12 01:40 - 2012-06-12 01:40 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000438 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000396 ____A C:\Windows\Tasks\XoftSpySE.job
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Users\All Users\XoftSpySE
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-12 01:40 - 2012-06-12 01:40 - 00000000 ____D C:\Program Files (x86)\XoftSpySE6
2012-06-12 01:27 - 2010-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-12 01:27 - 2009-12-27 03:15 - 00000000 ____D C:\Users\Jim\AppData\Local\MediaMonkey
2012-06-12 01:00 - 2012-06-12 01:00 - 00001221 ____A C:\Users\Jim\Desktop\SpeedyPC Pro.lnk
2012-06-12 01:00 - 2012-06-12 01:00 - 00000488 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000460 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000416 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\Jim\AppData\Roaming\SpeedyPC Software
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\Jim\AppData\Roaming\DriverCure
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-06-12 01:00 - 2012-06-12 01:00 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-06-12 00:58 - 2009-07-13 20:45 - 00014880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 00:58 - 2009-07-13 20:45 - 00014880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 00:57 - 2009-12-23 02:46 - 00000177 ____H C:\dvmexp.idx
2012-06-12 00:55 - 2009-12-01 15:23 - 00000000 ____D C:\Users\Jim\AppData\Local\Google
2012-06-12 00:54 - 2009-07-13 21:13 - 00733948 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 00:53 - 2012-06-12 00:53 - 00000000 ____D C:\Program Files (x86)\IObit Toolbar
2012-06-12 00:53 - 2012-06-12 00:53 - 00000000 ____D C:\Program Files (x86)\Application Updater
2012-06-12 00:53 - 2011-03-30 05:49 - 00000000 ____D C:\Users\All Users\Kodak
2012-06-12 00:51 - 2011-04-15 10:00 - 00000000 ___RD C:\Users\Jim\Virtual Machines
2012-06-12 00:51 - 2009-12-24 01:44 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 00:49 - 2009-07-13 18:34 - 00000593 ____A C:\Windows\win.ini
2012-06-12 00:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 00:47 - 2009-07-13 20:45 - 03044104 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 00:46 - 2009-12-10 13:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-23 11:57 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-23 11:54 - 2010-01-31 03:35 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-23 11:44 - 2012-05-23 11:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-23 11:44 - 2011-01-26 11:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-23 11:44 - 2011-01-26 10:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-05-23 11:44 - 2010-07-23 10:09 - 00740506 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-20 12:07 - 2009-12-01 11:53 - 00000000 ____D C:\users\Jim
2012-04-26 11:03 - 2009-12-01 12:00 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-18 11:56 - 2012-04-18 11:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 11:56 - 2012-04-18 11:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-03 11:10 - 2012-04-03 11:09 - 00000000 ____D C:\Program Files\iGadget
2012-03-30 22:05 - 2012-05-20 11:41 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-20 11:41 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-20 11:41 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-20 11:41 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-20 11:38 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 10%
Total physical RAM: 8190.18 MB
Available physical RAM: 7324.8 MB
Total Pagefile: 8188.33 MB
Available Pagefile: 7305.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (Old Windows 7 - System) (Fixed) (Total:232.88 GB) (Free:61.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Windows 7 - System) (Fixed) (Total:521.95 GB) (Free:264.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Fixed) (Total:232.88 GB) (Free:177.47 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:931.39 GB) (Free:521.29 GB) NTFS
5 Drive g: (New Volume) (Fixed) (Total:465.76 GB) (Free:454.69 GB) NTFS
6 Drive h: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
8 Drive j: (CSAIR16GB) (Removable) (Total:15.06 GB) (Free:15.05 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 931 GB 409 GB
Disk 2 Online 232 GB 1024 KB
Disk 3 Online 931 GB 0 B *
Disk 4 Online 465 GB 1024 KB
Disk 5 Online 15 GB 0 B
Disk 6 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 1024 KB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Old Windows NTFS Partition 232 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 521 GB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Windows 7 - NTFS Partition 521 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB
======================================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 232 GB Healthy
======================================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 931 GB 129 MB
======================================================================================================
Disk: 3
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000
There is no volume associated with this partition.
======================================================================================================
Disk: 3
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F New Volume NTFS Partition 931 GB Healthy
======================================================================================================
Partitions of Disk 4:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
======================================================================================================
Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 G New Volume NTFS Partition 465 GB Healthy
======================================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 31 KB
======================================================================================================
Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J CSAIR16GB FAT32 Removable 15 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-03-17 12:08
======================= End Of Log ==========================
 
That looks fine.

Restart computer normally.

Uninstall Advanced SystemCare 4.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==========================================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks for all of the help you have provided so far. The contents of the ComboFix.txt file are -

ComboFix 12-06-24.03 - Jim 06/24/2012 21:49:18.3.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8190.6685 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7004.tmp
c:\users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9962.tmp
c:\users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE9B.tmp
c:\windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\@
c:\windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\n
c:\windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\00000001.@
c:\windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\80000000.@
c:\windows\Installer\{1a2525f3-71b7-0b1c-951e-8575828f9120}\U\800000cb.@
J:\autorun.inf
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 20:56 . 2012-06-24 20:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-24 12:48 . 2012-06-24 12:48 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2012-06-24 12:48 . 2012-06-24 12:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-24 12:48 . 2012-06-24 12:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-24 12:48 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 23:35 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E87E0F6F-9922-4F6D-95AD-B7A2B2A6ED6C}\mpengine.dll
2012-06-21 14:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 09:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:06 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:06 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 15:28 . 2012-06-14 15:29 -------- d-----w- c:\program files (x86)\iTunes
2012-06-14 15:24 . 2012-06-14 15:24 -------- d-----w- c:\program files (x86)\AirPort
2012-06-14 08:07 . 2012-06-14 08:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-12 22:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-12 22:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-12 22:51 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:51 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:51 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 22:51 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:51 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 22:51 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 22:51 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:51 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 22:51 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 22:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 22:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 22:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 22:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 22:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 17:54 . 2012-06-11 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 17:54 . 2012-06-11 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CA465F2-8CEB-4A42-9D21-561AE0F451A0}\gapaengine.dll
2012-06-11 22:25 . 2012-06-11 22:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-11 22:25 . 2012-06-11 22:25 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-07 22:58 . 2012-06-07 22:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-07 14:39 . 2012-06-08 12:59 -------- d-----w- C:\SC2-WingsOfLiberty-enGB-Installer
2012-06-07 14:32 . 2012-06-07 22:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-06-07 14:32 . 2012-06-07 22:14 -------- d-----w- c:\program files (x86)\StarCraft II
2012-06-07 14:32 . 2012-06-07 14:53 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 12:43 . 2012-05-04 10:11 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-24 12:43 . 2012-05-04 10:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-24 12:43 . 2012-05-04 10:11 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-23 13:28 . 2012-04-03 09:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:28 . 2011-08-31 10:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 15:37 . 2011-09-20 18:37 28640 ----a-w- c:\windows\system32\DriveCleanup.exe
2012-06-14 08:07 . 2010-03-14 14:44 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-14 08:07 . 2010-03-14 14:44 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-07 10:00 . 2012-04-08 17:27 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-10 03:16 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-07-08 03:28 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-11-10 03:06 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-07-08 02:54 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-07-08 03:10 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-07-08 02:46 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-11-10 02:11 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-30 11:35 . 2012-05-09 23:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-09 39408]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-06-14 380928]
"ApplePhotoStreams"="c:\program files (x86)\common files\apple\internet services\applephotostreams.exe" [2012-02-24 59240]
"OfficeSyncProcess"="c:\program files (x86)\microsoft office\office14\msosync.exe" [2011-07-21 718720]
"MobileDocuments"="c:\program files (x86)\common files\apple\internet services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"JMB36X IDE Setup"="c:\windows\raidtool\xinside.exe" [2010-01-19 43632]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AcronisTimounterMonitor"="c:\program files (x86)\seagate\discwizard\timountermonitor.exe" [2009-10-16 904840]
"DiscWizardMonitor.exe"="c:\program files (x86)\seagate\discwizard\discwizardmonitor.exe" [2009-10-16 1325936]
"StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" [2012-04-06 641664]
"NUSB3MON"="c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe" [2010-04-27 113288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-07-11 20336]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-22 33184]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 SaiH353E;SaiH353E;c:\windows\system32\DRIVERS\SaiH353E.sys [x]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [x]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-22 21328]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe [2011-09-26 1526192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PDF Suite 2011 Service;PDF Suite 2011 Service;c:\program files (x86)\PDF Suite 2011\ConversionService.exe [2010-10-13 791360]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
S2 WTService;WTService;c:\windows\System32\atwtusb.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [x]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [x]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:28]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 09:44]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 09:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"JMB36X IDE Setup"="c:\windows\raidtool\xinside.exe" [2010-01-19 43632]
"CanonMyPrinter"="c:\program files\canon\myprinter\bjmyprt.exe" [2009-10-19 2185032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"MacroKeyManager"="wtmkm.exe" [2010-01-15 6105832]
"Windows Mobile Device Center"="c:\windows\windowsmobile\wmdc.exe" [2007-05-31 660360]
"SaiMfd"="c:\program files\saitek\sd6\software\saimfd.exe" [2009-06-03 194560]
"ProfilerU"="c:\program files\saitek\sd6\software\profileru.exe" [2009-06-03 357888]
"btbb_McciTrayApp"="c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe" [2011-05-26 3457424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.bt.yahoo.com/
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1AD61D5B-58A3-4592-9B34-DC84688FF805} - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
SafeBoot-MsMpSvc
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2311616002-3841696132-1286997904-1000\Software\SecuROM\License information*]
"datasecu"=hex:04,01,c6,76,a2,86,77,ca,8d,f1,84,94,d7,51,15,43,7b,fc,8e,3d,0b,
a3,ab,fb,e3,ac,b3,ac,f0,7e,ba,54,2e,9f,44,71,75,5b,32,68,d9,6f,8d,f0,dd,92,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\DAODx.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-06-24 22:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 21:04
ComboFix2.txt 2012-06-14 09:07
.
Pre-Run: 283,891,376,128 bytes free
Post-Run: 284,228,067,328 bytes free
.
- - End Of File - - 33C7ABD430F87FB2D8DEB27EAEFD00C8
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is looking good. I had to remove and reinstall MS Security Essentials in order for it to run. Once installed I updated it and carried out a 'Quick Scan' succesfully.
I have just completed running OTL (Took a little longer than expected) and the resulst are posted below.

OTL Extras logfile created on: 06/24/2012 23:16:44 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: MM/dd/yyyy

8.00 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 69.42% Memory free
15.99 Gb Paging File | 12.75 Gb Available in Paging File | 79.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 521.95 Gb Total Space | 264.91 Gb Free Space | 50.75% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 232.88 Gb Total Space | 61.77 Gb Free Space | 26.52% Space Free | Partition Type: NTFS
Drive G: | 931.39 Gb Total Space | 521.29 Gb Free Space | 55.97% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 177.47 Gb Free Space | 76.21% Space Free | Partition Type: NTFS
Drive I: | 15.06 Gb Total Space | 15.05 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive J: | 465.76 Gb Total Space | 464.88 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D271994-D1F4-4CDF-9D53-5251147B2D5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8449ECAF-BAEA-4370-A466-62FCE4DE5222}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1E268DF-CFBF-46C7-83A5-B32181E9515A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C67E22A2-A8E8-4472-9FFE-C799394E7A3D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Road Angel Professional" = Road Angel Professional

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A985FE-1E10-4FB2-B3F9-C8B4FB4D905F}" = KODAK Cloud Software Connector
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1" = Foxreal YouTube FLV Downloader version: 1.0.1.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30B1CCDB-209B-4E94-8311-379F2E6B6B59}" = RAW FILE CONVERTER EX powered by SILKYPIX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A41832E-FDC8-458B-94BC-39637F9E457C}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8789088D-CF28-4086-81C4-901A5191959E}" = calibre
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAAD78CA-31B6-40B5-9DB2-EB3291F13256}" = Chrono Connect
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B07BE535-6E83-4c21-B523-B7341C7F9567}" = ScanAndSave 2.0
"{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
"{B435433C-110A-4853-843A-7BD1EE59624E}_is1" = PlayerLiteHJ 1.0.2.2.LHJ
"{BAAC99C5-15B4-463A-AE27-BD2F4702F2B2}" = PDF Suite 2011
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CC727D68-44D5-4D66-AAA7-A16B563A1753}" = RoadPilot Software Suite
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Aura Software Manager_is1" = Aura Software Manager 1.0.3
"Aura YouTube Downloader_is1" = Aura YouTube Downloader 1.0.8
"Belarc Advisor" = Belarc Advisor 8.1
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CanonMyPrinter" = Canon Utilities My Printer
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cb625" = Combro cb625 Air Gun Support
"CoreAAC" = CoreAAC
"DFU Mode Application" = DFU Mode Application
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EvilLyrics" = EvilLyrics
"GOM Player" = GOM Player
"HD Tune Pro_is1" = HD Tune Pro 5.00
"HD Tune_is1" = HD Tune 2.55
"iGadget_is1" = iGadget 6.5.2
"InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}" = RAW FILE CONVERTER EX powered by SILKYPIX
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 1400 Series" = Lexmark 1400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.2
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PremElem90" = Adobe Premiere Elements 9
"Protected Folder_is1" = Protected Folder
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Smart Defrag 2_is1" = Smart Defrag 2
"SmartWitness Analysis Software_is1" = SmartWitness Analysis Software 2.0.8.0
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22380" = Fallout: New Vegas
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 9200" = RAGE
"Video Viewer" = Video Viewer
"WePrint" = WePrint
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/24/2012 08:56:12 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x804 Faulting application start time: 0x01cd520681199aae Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: f941d3a5-bdfb-11e1-abb0-bcaec5bd3e20

Error - 06/24/2012 12:48:56 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x844 Faulting application start time: 0x01cd5208fadf6c7d Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 7c5cedcc-be1c-11e1-a5e0-bcaec5bd3e20

Error - 06/24/2012 12:50:37 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 17 65.1.168.192.in-addr.arpa.
PTR Desktop-2.local.

Error - 06/24/2012 12:50:37 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 65.1.168.192.in-addr.arpa.
PTR Desktop.local.

Error - 06/24/2012 14:28:17 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x834 Faulting application start time: 0x01cd52297573b619 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 5d46cc99-be2a-11e1-a5d3-bcaec5bd3e20

Error - 06/24/2012 14:30:01 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 17 65.1.168.192.in-addr.arpa.
PTR Desktop-2.local.

Error - 06/24/2012 14:30:01 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 65.1.168.192.in-addr.arpa.
PTR Desktop.local.

Error - 06/24/2012 14:50:28 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x830 Faulting application start time: 0x01cd523759316d03 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 769ec527-be2d-11e1-8d8f-bcaec5bd3e20

Error - 06/24/2012 17:17:04 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 17 65.1.168.192.in-addr.arpa.
PTR Desktop-2.local.

Error - 06/24/2012 17:17:04 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 65.1.168.192.in-addr.arpa.
PTR Desktop.local.

[ Media Center Events ]
Error - 06/24/2012 07:34:16 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 12:34:16 - Error connecting to the internet. 12:34:16 - Unable
to contact server..

Error - 06/24/2012 07:34:34 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 12:34:21 - Error connecting to the internet. 12:34:21 - Unable
to contact server..

[ System Events ]
Error - 06/24/2012 16:58:59 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 06/24/2012 16:58:59 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 06/24/2012 16:58:59 | Computer Name = Desktop | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023828.

Error - 06/24/2012 17:00:38 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 06/24/2012 17:15:25 | Computer Name = Desktop | Source = Service Control Manager | ID = 7031
Description = The AMD FUEL Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/24/2012 17:16:57 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 06/24/2012 17:17:59 | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 06/24/2012 17:17:58 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 06/24/2012 17:18:03 | Computer Name = Desktop | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023828.

Error - 06/24/2012 17:19:07 | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058


< End of report >

Going to post the other file in 2 parts as it is over 71,000 chars in length.
 
Part 1 of [FONT=Calibri]OTL logfile [/FONT]


OTL logfile created on: 06/24/2012 23:54:20 - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jim\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: MM/dd/yyyy



8.00 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 65.75% Memory free

15.99 Gb Paging File | 12.77 Gb Available in Paging File | 79.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 521.95 Gb Total Space | 263.77 Gb Free Space | 50.54% Space Free | Partition Type: NTFS

Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 232.88 Gb Total Space | 61.68 Gb Free Space | 26.48% Space Free | Partition Type: NTFS

Drive G: | 931.39 Gb Total Space | 521.21 Gb Free Space | 55.96% Space Free | Partition Type: NTFS

Drive H: | 232.88 Gb Total Space | 177.41 Gb Free Space | 76.18% Space Free | Partition Type: NTFS

Drive I: | 15.06 Gb Total Space | 15.05 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Drive J: | 465.76 Gb Total Space | 464.88 Gb Free Space | 99.81% Space Free | Partition Type: NTFS



Computer Name: DESKTOP | User Name: Jim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012/06/24 23:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe

PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/28 23:34:32 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2012/02/23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/09/26 02:46:54 | 001,526,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe

PRC - [2011/08/25 11:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

PRC - [2011/05/26 16:03:28 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/10/13 19:28:04 | 000,791,360 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2011\ConversionService.exe

PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/07/27 18:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe

PRC - [2010/04/27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe

PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe

PRC - [2009/10/16 19:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

PRC - [2009/10/16 19:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

PRC - [2009/10/16 19:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

PRC - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009/03/30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe





========== Modules (No Company Name) ==========



MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2009/10/16 18:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll

MOD - [2009/03/30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe





========== Win32 Services (SafeList) ==========



SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/01/27 17:27:24 | 000,665,320 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007/06/11 11:18:20 | 000,567,216 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdjcoms.exe -- (lxdj_device)

SRV - [2012/06/23 14:28:58 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/19 16:06:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/09/26 02:46:54 | 001,526,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -- (Kodak Cloud Software Connector)

SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/10/13 19:28:04 | 000,791,360 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2011\ConversionService.exe -- (PDF Suite 2011 Service)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/30 18:12:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/10/16 19:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)

SRV - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/25 15:08:00 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2011/11/25 15:08:00 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2011/11/25 15:07:57 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2011/11/25 15:07:48 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)

DRV:64bit: - [2011/11/04 17:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)

DRV:64bit: - [2011/10/14 17:13:26 | 000,071,168 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2011/10/14 17:13:26 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2011/09/29 19:13:15 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/06 18:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/04/27 11:42:10 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/04/27 11:42:10 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)

DRV:64bit: - [2011/02/11 01:36:12 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)

DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2010/11/20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)

DRV:64bit: - [2010/11/20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/04/27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/04/27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/01/11 12:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/08/26 14:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)

DRV:64bit: - [2009/08/06 14:35:20 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)

DRV:64bit: - [2009/08/06 14:35:18 | 000,339,840 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)

DRV:64bit: - [2009/08/06 14:35:18 | 000,257,664 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (HCW88BDA)

DRV:64bit: - [2009/08/06 14:35:18 | 000,110,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tun.sys -- (HCW88TUNE)

DRV:64bit: - [2009/08/06 14:35:16 | 000,021,632 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bar.sys -- (HCW88XBAR)

DRV:64bit: - [2009/08/06 14:35:16 | 000,016,128 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hcw88aud.sys -- (HCW88AUD)

DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009/06/10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/03/08 20:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)

DRV:64bit: - [2008/11/07 22:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)

DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/04/04 15:33:32 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH353E.sys -- (SaiH353E)

DRV:64bit: - [2007/05/31 12:22:08 | 000,175,880 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHF51A.sys -- (SaiHF51A)

DRV:64bit: - [2007/05/31 12:22:08 | 000,034,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiUF51A.sys -- (SaiUF51A)

DRV - [2011/07/11 14:40:30 | 000,020,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)

DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2011/03/23 00:58:10 | 000,021,328 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)

DRV - [2011/03/23 00:58:06 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 41 DE 89 7B E1 CB 01 [binary data]

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=4edd7aeb000000000000bcaec5bd3e20

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes\{1E83156C-A142-4CDB-A534-2BBFE2A2EDA6}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...ding?}&oe={outputEncoding?}&rlz=1I7GGHP_en-GB

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...28586fd99&lang=en&ds=gm011&pr=sa&d=2012-04-13 16:20:37&v=10.2.0.3&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 41 DE 89 7B E1 CB 01 [binary data]

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\SearchScopes\{1E83156C-A142-4CDB-A534-2BBFE2A2EDA6}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local





========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter@ib.com: C:\Program Files (x86)\PDF Suite 2011\firefoxextension [2012/04/08 11:37:18 | 000,000,000 | ---D | M]



[2010/12/17 12:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions

[2010/12/17 12:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions\wizard@opendns.com



O1 HOSTS File: ([2012/06/24 21:59:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - No CLSID value found.

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] c:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] c:\program files\canon\myprinter\bjmyprt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [JMB36X IDE Setup] c:\Windows\RaidTool\xInsIDE.exe ()

O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [ProfilerU] c:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [SaiMfd] c:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)

O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AcronisTimounterMonitor] c:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DiscWizardMonitor.exe] c:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)

O4 - HKLM..\Run: [JMB36X IDE Setup] c:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000..\Run: [ApplePhotoStreams] c:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000..\Run: [MobileDocuments] c:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C836DBD-A9CF-4195-95B6-C1E8B22C2D19}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9604B64-AC0B-4331-AA12-834834DEFF9C}: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D57DEE4B-58E2-4A3C-A189-5276749522E7}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
[FONT=Times New Roman] [/FONT]
 
Part 2 of [FONT=Calibri]OTL logfile [/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)[/FONT]

[FONT=Calibri]O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)[/FONT]

[FONT=Calibri]O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found[/FONT]

[FONT=Calibri]O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)[/FONT]

[FONT=Calibri]O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)[/FONT]

[FONT=Calibri]O32 - HKLM CDRom: AutoRun - 1[/FONT]

[FONT=Calibri]O32 - AutoRun File - [2009/07/14 10:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ][/FONT]

[FONT=Calibri]O34 - HKLM BootExecute: (autocheck autochk *)[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files/Folders - Created Within 30 Days ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2012/06/24 23:13:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe[/FONT]

[FONT=Calibri][2012/06/24 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client[/FONT]

[FONT=Calibri][2012/06/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[/FONT]

[FONT=Calibri][2012/06/24 22:31:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi[/FONT]

[FONT=Calibri][2012/06/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp[/FONT]

[FONT=Calibri][2012/06/24 21:59:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[/FONT]

[FONT=Calibri][2012/06/24 21:41:03 | 000,000,000 | ---D | C] -- C:\Qoobox[/FONT]

[FONT=Calibri][2012/06/24 21:36:32 | 004,567,243 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2012/06/24 16:00:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.scr[/FONT]

[FONT=Calibri][2012/06/24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[/FONT]

[FONT=Calibri][2012/06/24 13:47:02 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-setup-1.61.0.1400.exe[/FONT]

[FONT=Calibri][2012/06/21 14:06:53 | 001,039,736 | ---- | C] (SanDisk Corporation) -- C:\Users\Jim\Desktop\LPInstaller (1).exe[/FONT]

[FONT=Calibri][2012/06/14 16:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[/FONT]

[FONT=Calibri][2012/06/14 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPort[/FONT]

[FONT=Calibri][2012/06/13 22:53:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[/FONT]

[FONT=Calibri][2012/06/07 23:58:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%[/FONT]

[FONT=Calibri][2012/06/07 15:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II[/FONT]

[FONT=Calibri][2012/06/07 15:39:34 | 000,000,000 | ---D | C] -- C:\SC2-WingsOfLiberty-enGB-Installer[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\StarCraft II[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment[/FONT]

[FONT=Calibri][2012/06/06 23:48:19 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Jim\Desktop\putty.exe[/FONT]

[FONT=Calibri][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files - Modified Within 30 Days ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2012/06/24 23:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[/FONT]

[FONT=Calibri][2012/06/24 23:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[/FONT]

[FONT=Calibri][2012/06/24 23:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe[/FONT]

[FONT=Calibri][2012/06/24 22:32:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif[/FONT]

[FONT=Calibri][2012/06/24 22:32:39 | 000,895,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2012/06/24 22:32:39 | 000,731,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[/FONT]

[FONT=Calibri][2012/06/24 22:32:39 | 000,149,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[/FONT]

[FONT=Calibri][2012/06/24 22:27:05 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx[/FONT]

[FONT=Calibri][2012/06/24 22:24:28 | 000,014,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2012/06/24 22:24:28 | 000,014,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2012/06/24 22:17:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[/FONT]

[FONT=Calibri][2012/06/24 22:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[/FONT]

[FONT=Calibri][2012/06/24 22:16:21 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys[/FONT]

[FONT=Calibri][2012/06/24 21:59:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[/FONT]

[FONT=Calibri][2012/06/24 21:36:44 | 004,567,243 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2012/06/24 16:00:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.scr[/FONT]

[FONT=Calibri][2012/06/24 14:44:11 | 000,302,592 | ---- | M] () -- C:\Users\Jim\Desktop\y7qbdd27.exe[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri][2012/06/24 13:47:02 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-setup-1.61.0.1400.exe[/FONT]

[FONT=Calibri][2012/06/24 12:40:56 | 000,888,800 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2012/06/23 14:22:22 | 000,081,487 | ---- | M] () -- C:\Users\Jim\Documents\Dog House.pdf[/FONT]

[FONT=Calibri][2012/06/21 16:37:16 | 000,028,640 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Windows\SysNative\DriveCleanup.exe[/FONT]

[FONT=Calibri][2012/06/21 14:06:53 | 001,039,736 | ---- | M] (SanDisk Corporation) -- C:\Users\Jim\Desktop\LPInstaller (1).exe[/FONT]

[FONT=Calibri][2012/06/15 00:38:20 | 000,002,515 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[/FONT]

[FONT=Calibri][2012/06/15 00:38:20 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk[/FONT]

[FONT=Calibri][2012/06/14 16:29:14 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[/FONT]

[FONT=Calibri][2012/06/13 17:18:57 | 020,975,616 | ---- | M] () -- C:\Users\Jim\Documents\Windows logs - System.evtx[/FONT]

[FONT=Calibri][2012/06/13 17:18:39 | 001,052,672 | ---- | M] () -- C:\Users\Jim\Documents\Windows logs - Setup.evtx[/FONT]

[FONT=Calibri][2012/06/13 16:33:04 | 020,975,616 | ---- | M] () -- C:\Users\Jim\Documents\Windows logs - Security.evtx[/FONT]

[FONT=Calibri][2012/06/13 16:32:37 | 005,312,512 | ---- | M] () -- C:\Users\Jim\Documents\Windows logs - Application.evtx[/FONT]

[FONT=Calibri][2012/06/13 08:26:52 | 003,044,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[/FONT]

[FONT=Calibri][2012/06/07 15:52:53 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk[/FONT]

[FONT=Calibri][2012/06/07 11:00:07 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll[/FONT]

[FONT=Calibri][2012/06/06 23:48:22 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Jim\Desktop\putty.exe[/FONT]

[FONT=Calibri][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files Created - No Company Name ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2012/06/24 22:32:43 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[/FONT]

[FONT=Calibri][2012/06/24 21:46:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[/FONT]

[FONT=Calibri][2012/06/24 14:44:11 | 000,302,592 | ---- | C] () -- C:\Users\Jim\Desktop\y7qbdd27.exe[/FONT]

[FONT=Calibri][2012/06/24 13:48:00 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri][2012/06/23 14:22:22 | 000,081,487 | ---- | C] () -- C:\Users\Jim\Documents\Dog House.pdf[/FONT]

[FONT=Calibri][2012/06/15 00:38:20 | 000,002,515 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[/FONT]

[FONT=Calibri][2012/06/15 00:38:20 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk[/FONT]

[FONT=Calibri][2012/06/15 00:38:20 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk[/FONT]

[FONT=Calibri][2012/06/14 16:29:14 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[/FONT]

[FONT=Calibri][2012/06/13 17:18:57 | 020,975,616 | ---- | C] () -- C:\Users\Jim\Documents\Windows logs - System.evtx[/FONT]

[FONT=Calibri][2012/06/13 17:18:38 | 001,052,672 | ---- | C] () -- C:\Users\Jim\Documents\Windows logs - Setup.evtx[/FONT]

[FONT=Calibri][2012/06/13 16:33:04 | 020,975,616 | ---- | C] () -- C:\Users\Jim\Documents\Windows logs - Security.evtx[/FONT]

[FONT=Calibri][2012/06/13 16:32:36 | 005,312,512 | ---- | C] () -- C:\Users\Jim\Documents\Windows logs - Application.evtx[/FONT]

[FONT=Calibri][2012/06/07 15:32:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk[/FONT]

[FONT=Calibri][2012/06/03 13:42:34 | 000,002,421 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk[/FONT]

[FONT=Calibri][2012/04/08 18:27:14 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll[/FONT]

[FONT=Calibri][2012/04/08 18:27:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll[/FONT]

[FONT=Calibri][2012/04/08 18:27:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll[/FONT]

[FONT=Calibri][2012/04/06 23:30:22 | 000,006,148 | -H-- | C] () -- C:\Users\Jim\.DS_Store[/FONT]

[FONT=Calibri][2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[/FONT]

[FONT=Calibri][2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[/FONT]

[FONT=Calibri][2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[/FONT]

[FONT=Calibri][2012/01/11 11:50:49 | 000,002,048 | -HS- | C] () -- C:\Users\Jim\AppData\Local\{1a2525f3-71b7-0b1c-951e-8575828f9120}\@[/FONT]

[FONT=Calibri][2012/01/09 16:14:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe[/FONT]

[FONT=Calibri][2011/11/26 14:18:09 | 000,229,452 | ---- | C] () -- C:\Windows\SysWow64\mls_set4.dll[/FONT]

[FONT=Calibri][2011/11/26 14:18:09 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LMCHART1.dll[/FONT]

[FONT=Calibri][2011/11/26 14:18:09 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\f23dll.dll[/FONT]

[FONT=Calibri][2011/11/26 14:18:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\eztw32.dll[/FONT]

[FONT=Calibri][2011/11/26 14:18:09 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\tstream.dll[/FONT]

[FONT=Calibri][2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll[/FONT]

[FONT=Calibri][2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[/FONT]

[FONT=Calibri][2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[/FONT]

[FONT=Calibri][2011/08/01 18:47:43 | 000,030,481 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[/FONT]

[FONT=Calibri][2011/08/01 18:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[/FONT]

[FONT=Calibri][2011/07/25 00:05:17 | 000,808,979 | ---- | C] () -- C:\Windows\SysWow64\avcodec-52.84.0.dll[/FONT]

[FONT=Calibri][2011/07/25 00:05:17 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.11.1.dll[/FONT]

[FONT=Calibri][2011/07/25 00:05:17 | 000,086,528 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.74.0.dll[/FONT]

[FONT=Calibri][2011/07/25 00:05:17 | 000,070,675 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.22.0.dll[/FONT]

[FONT=Calibri][2011/07/25 00:05:17 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avcore-0.16.1.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:55 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_H264.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:55 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_SCALE.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:55 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_AP_JPEG.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:54 | 000,798,739 | ---- | C] () -- C:\Windows\SysWow64\avcodec-52.77.0.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:54 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\Deinterlace.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:54 | 000,159,251 | ---- | C] () -- C:\Windows\SysWow64\swscale-0.11.0.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\avformat-52.68.0.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:54 | 000,070,163 | ---- | C] () -- C:\Windows\SysWow64\avutil-50.19.0.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\AVC_H264.dll[/FONT]

[FONT=Calibri][2011/07/22 17:48:52 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\AVC_JPEG.dll[/FONT]

[FONT=Calibri][2011/04/07 10:06:23 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe[/FONT]

[FONT=Calibri][2011/03/26 16:47:18 | 000,036,567 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Comma Separated Values (Windows).ADR[/FONT]

[FONT=Calibri][2010/12/19 17:38:27 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini[/FONT]

[FONT=Calibri][2010/12/18 22:41:38 | 000,307,200 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjhcp.dll[/FONT]

[FONT=Calibri][2010/12/18 22:41:37 | 000,298,496 | ---- | C] () -- C:\Windows\SysWow64\lxdjgrd.dll[/FONT]

[FONT=Calibri][2010/11/21 18:15:16 | 000,004,608 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[/FONT]

[FONT=Calibri][2010/07/23 19:09:25 | 000,895,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2010/01/30 18:01:57 | 000,001,024 | ---- | C] () -- C:\Users\Jim\.rnd[/FONT]

[FONT=Calibri][2009/12/05 01:06:54 | 000,007,604 | ---- | C] () -- C:\Users\Jim\AppData\Local\resmon.resmoncfg[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== LOP Check ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2011/09/08 17:58:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp[/FONT]

[FONT=Calibri][2011/09/08 17:58:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp[/FONT]

[FONT=Calibri][2011/09/08 17:58:42 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\Temp[/FONT]

[FONT=Calibri][2010/01/02 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Acronis[/FONT]

[FONT=Calibri][2011/04/24 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AMS[/FONT]

[FONT=Calibri][2011/12/18 15:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity[/FONT]

[FONT=Calibri][2012/04/12 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Aura YouTube Downloader[/FONT]

[FONT=Calibri][2011/04/27 11:39:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Azureus[/FONT]

[FONT=Calibri][2012/01/20 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Babylon[/FONT]

[FONT=Calibri][2011/10/27 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\calibre[/FONT]

[FONT=Calibri][2010/12/20 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Canon[/FONT]

[FONT=Calibri][2009/12/27 15:15:44 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CD-LabelPrint[/FONT]

[FONT=Calibri][2011/12/16 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[/FONT]

[FONT=Calibri][2012/04/07 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DiskAid[/FONT]

[FONT=Calibri][2010/09/23 18:36:00 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DocumentsToGoDesktop[/FONT]

[FONT=Calibri][2012/01/20 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Foxreal[/FONT]

[FONT=Calibri][2012/04/24 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FUJIFILM[/FONT]

[FONT=Calibri][2011/04/17 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GoodSync[/FONT]

[FONT=Calibri][2011/12/01 13:35:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HD Tune Pro[/FONT]

[FONT=Calibri][2011/11/25 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IObit[/FONT]

[FONT=Calibri][2010/09/26 16:08:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Lexmark Imaging Studio[/FONT]

[FONT=Calibri][2011/05/12 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Logia[/FONT]

[FONT=Calibri][2012/03/29 17:23:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Macroplant LLC[/FONT]

[FONT=Calibri][2011/09/12 00:00:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Macroplant, LLC[/FONT]

[FONT=Calibri][2012/06/22 14:07:08 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MediaMonkey[/FONT]

[FONT=Calibri][2011/11/26 14:18:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MessLess Collector 8 05425[/FONT]

[FONT=Calibri][2011/06/26 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NETGEAR Live Parental Controls[/FONT]

[FONT=Calibri][2010/12/05 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Notepad++[/FONT]

[FONT=Calibri][2009/12/05 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenOffice.org[/FONT]

[FONT=Calibri][2012/03/30 11:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PDF Software[/FONT]

[FONT=Calibri][2012/04/08 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PowerUp Software[/FONT]

[FONT=Calibri][2011/05/26 17:48:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Purple Ghost Software, Inc[/FONT]

[FONT=Calibri][2012/01/10 12:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Road Angel[/FONT]

[FONT=Calibri][2011/10/27 11:43:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\RoadPilot[/FONT]

[FONT=Calibri][2012/01/09 13:41:08 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ScanSoft[/FONT]

[FONT=Calibri][2011/04/20 00:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Temp[/FONT]

[FONT=Calibri][2011/09/29 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\xvision[/FONT]

[FONT=Calibri][2011/02/13 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\AMS[/FONT]

[FONT=Calibri][2010/01/24 16:40:12 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\OpenOffice.org[/FONT]

[FONT=Calibri][2012/06/11 16:12:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Purity Check ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Custom Scans ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SYSTEMDRIVE%\*.* >[/FONT]

[FONT=Calibri][2011/08/01 19:01:05 | 002,097,152 | ---- | M] () -- C:\1101.ROM[/FONT]

[FONT=Calibri][2009/12/05 01:49:56 | 001,048,576 | ---- | M] () -- C:\ASUS 2502 BIOS[/FONT]

[FONT=Calibri][2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr[/FONT]

[FONT=Calibri][2009/12/02 02:52:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK[/FONT]

[FONT=Calibri][2012/06/24 22:04:42 | 000,030,585 | ---- | M] () -- C:\ComboFix.txt[/FONT]

[FONT=Calibri][2012/06/16 11:26:12 | 000,000,000 | ---- | M] () -- C:\DebugTraceNormal.log[/FONT]

[FONT=Calibri][2012/06/24 22:27:05 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx[/FONT]

[FONT=Calibri][2012/06/24 22:16:21 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys[/FONT]

[FONT=Calibri][2012/06/24 22:15:27 | 000,019,286 | ---- | M] () -- C:\lxdj.log[/FONT]

[FONT=Calibri][2012/06/24 22:16:32 | 4293,058,559 | -HS- | M] () -- C:\pagefile.sys[/FONT]

[FONT=Calibri][2011/08/08 11:18:17 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll[/FONT]

[FONT=Calibri][2011/08/01 19:09:23 | 000,000,068 | -H-- | M] () -- C:\splash.idx[/FONT]

[FONT=Calibri][2012/01/20 12:41:58 | 000,001,491 | ---- | M] () -- C:\user.js[/FONT]

[FONT=Calibri][2010/03/01 17:40:44 | 000,017,232 | -H-- | M] () -- C:\version[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Fonts\*.com >[/FONT]

[FONT=Calibri][2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont[/FONT]

[FONT=Calibri][2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont[/FONT]

[FONT=Calibri][2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont[/FONT]

[FONT=Calibri][2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Fonts\*.dll >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Fonts\*.ini >[/FONT]

[FONT=Calibri][2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Fonts\*.ini2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Fonts\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\REPAIR\*.bak1 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\REPAIR\*.ini >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\*.jpg >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.jpg >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.png >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.scr >[/FONT]

[FONT=Calibri][2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR[/FONT]

[FONT=Calibri][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*._sy >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %APPDATA%\Adobe\Update\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ALLUSERSPROFILE%\Favorites\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %APPDATA%\Microsoft\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\*.* >[/FONT]

[FONT=Calibri][2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %APPDATA%\Update\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*. /mp /s >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\System32\config\*.sav >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\bak. /s >[/FONT]

[FONT=Calibri][2011/04/03 11:56:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Bak[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\bak. /s >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\config\systemprofile\*.dat /x >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.config >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\*.db >[/FONT]

[FONT=Calibri][2008/03/11 21:30:32 | 000,774,144 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/FONT]

[FONT=Calibri][2011/03/15 12:44:10 | 000,000,221 | -HS- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %USERPROFILE%\Desktop\*.exe >[/FONT]

[FONT=Calibri][2012/06/24 21:36:44 | 004,567,243 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2012/04/12 11:45:19 | 012,231,456 | ---- | M] (D-Link) -- C:\Users\Jim\Desktop\DNS-323_C1_FW_v1.08_Easysearch_v4.7.0.0.exe[/FONT]

[FONT=Calibri][2008/09/18 19:38:35 | 006,981,048 | ---- | M] (Bethesda Softworks) -- C:\Users\Jim\Desktop\FalloutLauncher.exe[/FONT]

[FONT=Calibri][2012/06/21 14:06:53 | 001,039,736 | ---- | M] (SanDisk Corporation) -- C:\Users\Jim\Desktop\LPInstaller (1).exe[/FONT]

[FONT=Calibri][2012/06/24 13:47:02 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-setup-1.61.0.1400.exe[/FONT]

[FONT=Calibri][2012/06/24 23:13:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe[/FONT]

[FONT=Calibri][2012/06/06 23:48:22 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Jim\Desktop\putty.exe[/FONT]

[FONT=Calibri][2012/06/24 14:44:11 | 000,302,592 | ---- | M] () -- C:\Users\Jim\Desktop\y7qbdd27.exe[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Common Files\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.src >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\install\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\DLL\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\HelpFiles\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\tasks\*.* >[/FONT]

[FONT=Calibri][2012/06/24 23:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[/FONT]

[FONT=Calibri][2012/06/24 22:17:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[/FONT]

[FONT=Calibri][2012/06/24 23:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[/FONT]

[FONT=Calibri][2012/06/24 22:16:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[/FONT]

[FONT=Calibri][2012/06/11 16:12:11 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\rundll\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\winn32\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Java\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\test\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\Rundll32\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\AppPatch\Custom\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Internet Explorer\*.dat >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %USERPROFILE%\My Documents\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %USERPROFILE%\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\ADDINS\*.* >[/FONT]

[FONT=Calibri][2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\assembly\*.bak2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Config\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\REPAIR\*.bak2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\SECURITY\Database\*.sdb /x >[/FONT]

[FONT=Calibri][2012/04/05 14:29:27 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk[/FONT]

[FONT=Calibri][2012/04/05 14:29:27 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log[/FONT]

[FONT=Calibri][2010/12/14 11:15:30 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs[/FONT]

[FONT=Calibri][2010/12/14 11:15:30 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\SYSTEM\*.bak2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Web\*.bak2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Driver Cache\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ProgramFiles%\Microsoft Common\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ProgramFiles%\TinyProxy. >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %USERPROFILE%\Favorites\*.url /x >[/FONT]

[FONT=Calibri][2012/02/16 13:13:03 | 000,000,402 | -HS- | M] () -- C:\Users\Jim\Favorites\desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\*.bk >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\*.te >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\system32\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ALLUSERSPROFILE%\*.dat /x >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\drivers\*.rmv >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< dir /b "%systemroot%\*.exe" | find /I " " /c >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Microsoft\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\System32\Wbem\proquota.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %PROGRAMFILES%\Mozilla Firefox\*.dat >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %USERPROFILE%\Cookies\*.txt /x >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\fonts\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\winlog\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\Language\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\Settings\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\*.quo >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SYSTEMROOT%\AppPatch\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SYSTEMROOT%\inf\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SYSTEMROOT%\Installer\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\config\*.bak2 >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\Computers\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\Sound\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\SpecialImg\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\code\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\draft\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %SystemRoot%\system32\MSSSys\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ProgramFiles%\Javascript\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\pchealth\helpctr\System\*.exe /s >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\Web\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\msn\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\*.tro >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %AppData%\Microsoft\Installer\msupdates\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %ProgramFiles%\Messenger\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system32\systhem32\*.* >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< %systemroot%\system\*.exe >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< >[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Alternate Data Streams ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]@Alternate Data Stream - 60 bytes -> C:\Users\Jim\.DS_Store:AFP_AfpInfo[/FONT]

[FONT=Calibri]@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation[/FONT]

[FONT=Calibri]@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation[/FONT]

[FONT=Calibri]@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< End of report >[/FONT]
 
Please do not format your logs as they're harder for me to read.

======================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - No CLSID value found.
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O4 - HKU\S-1-5-21-2311616002-3841696132-1286997904-1020..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
[2012/01/11 11:50:49 | 000,002,048 | -HS- | C] () -- C:\Users\Jim\AppData\Local\{1a2525f3-71b7-0b1c-951e-8575828f9120}\@
@Alternate Data Stream - 60 bytes -> C:\Users\Jim\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Hi Broni
The latest OTL

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2311616002-3841696132-1286997904-1020\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Jim\AppData\Local\{1a2525f3-71b7-0b1c-951e-8575828f9120}\@ moved successfully.
ADS C:\Users\Jim\.DS_Store:AFP_AfpInfo deleted successfully.
Unable to delete ADS C:\Windows\SysWow64\zlib.dll:SummaryInformation .
Unable to delete ADS C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation .
ADS C:\ProgramData\TEMP:96D0C06F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Jim
->Temp folder emptied: 468180 bytes
->Temporary Internet Files folder emptied: 99608129 bytes
->Java cache emptied: 48025523 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9407 bytes

User: Josh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 86956289 bytes
->Java cache emptied: 12119679 bytes
->Flash cache emptied: 17884 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6840614 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 109604095 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Jim
->Java cache emptied: 0 bytes

User: Josh
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 492 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06252012_175926
Files\Folders moved on Reboot...
C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF3798E6CEA77A5E5C.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF3CB6F387A60D66EB.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFA758C2AB59344C46.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFB15DB9D5CAA6163B.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFD28C0825BDF86DEC.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFE63081FB37703C33.TMP not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5VF3IE7\msnuk[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5VF3IE7\rp_tier=0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\c=283_rand=203681008_pv=y_age=63_gen=M_p=3032_p=3034_dp=y_rt=ifr[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\plusone_gadget[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\tweet_button.1340179658[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\type_simple_nrmp-zoom-in[1].ico moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\xframe-proxy_20110929[1].htm moved successfully.
File move failed. C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\eb_trk=230595;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[2].htm scheduled to be moved on reboot.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\like[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\ms[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\920[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\xd_arbiter[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\ab[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\ab[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\AdDisplayTrackerServlet[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\xd_arbiter[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHLWA8H\hub[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHLWA8H\MSNLiveTwitterIntegration[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\dis[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\dis[2].htm moved successfully.
File move failed. C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\eb_trk=165100;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[2].htm scheduled to be moved on reboot.
File move failed. C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\eb_trk=230594;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[1].htm scheduled to be moved on reboot.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\fastbutton[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\fc[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\like[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\oauth[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\product_storeId_10001_catalogId_10151_productId_377059_langId_-1_categoryId_165716[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\questions[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\reviews[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\st[1] moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\xd_arbiter[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\sh090[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\contact[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\stockCheckerTemporaryIframeSrc[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\st[1] moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\viewforum[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D3SZYPC\ancestry_co_uk[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D3SZYPC\ext-render-secure[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\activityi;src=2921867;type=homep811;cat=ances602;ord=7994520077879.305;~oref=http___www.ancestry.co[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\home;kw=ukhptest1;sz=300x250;ord=2566322995144537[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\hub[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\I[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\tmpageid=18&levyouruid=0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\_;mtfIFrameRequest=false;ord=1340629513541492[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\425x600_15_8d_Adtech[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\home3[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\launch[1].htm moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\uk_msn_com[1].htm not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\adoapn_AppNexusDemoActionTag_1[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\01[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\0[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\2981[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\csc-render[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\home_bt_yahoo_com[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\like[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\rp_tier=25[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\YoungOldUn[1].htm moved successfully.
File\Folder C:\Windows\temp\TMP0001FE5F71521757A64E07AC not found!
File\Folder C:\Windows\temp\TMP000205712F0DCD4D360CC9D8 not found!
File\Folder C:\Windows\temp\TMP000207592D3347CB7FFC5DF2 not found!
File\Folder C:\Windows\temp\TMP00020764B1A82814BD2C791A not found!
File\Folder C:\Windows\temp\TMP00020768D1C191D68B5597E5 not found!
File\Folder C:\Windows\temp\TMP0002076F265A543D2410A6D4 not found!
File\Folder C:\Windows\temp\TMP0002077135440D9B5D1FAA3C not found!
File\Folder C:\Windows\temp\TMP0002077B528A6F4BE28072A2 not found!
File\Folder C:\Windows\temp\TMP00020786E7844E1CE1DB891A not found!
File\Folder C:\Windows\temp\TMP0002078762F3558A2C73C20A not found!
File\Folder C:\Windows\temp\TMP00020788A89A0A8A50B86ABF not found!
File\Folder C:\Windows\temp\TMP0002078A396CB7C26A9D200A not found!
File\Folder C:\Windows\temp\TMP0002078B7EF6B577085D59AC not found!
PendingFileRenameOperations files...
File C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Jim\AppData\Local\Temp\~DF3798E6CEA77A5E5C.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DF3CB6F387A60D66EB.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFA758C2AB59344C46.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFB15DB9D5CAA6163B.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFD28C0825BDF86DEC.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFE63081FB37703C33.TMP not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5VF3IE7\msnuk[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5VF3IE7\rp_tier=0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\c=283_rand=203681008_pv=y_age=63_gen=M_p=3032_p=3034_dp=y_rt=ifr[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\plusone_gadget[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\tweet_button.1340179658[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\type_simple_nrmp-zoom-in[1].ico not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAXLQXC\xframe-proxy_20110929[1].htm not found!
[2012/06/25 14:23:56 | 000,001,350 | ---- | M] () C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\eb_trk=230595;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[2].htm : MD5=3BAA97DE45D39722F941756020A24F3B
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\like[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXNORP6U\ms[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\920[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6L9CY1T\xd_arbiter[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\ab[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\ab[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\AdDisplayTrackerServlet[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\AdDisplayTrackerServlet[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0I9KQ9Y\xd_arbiter[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHLWA8H\hub[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHLWA8H\MSNLiveTwitterIntegration[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\dis[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\dis[2].htm not found!
[2012/06/25 14:23:56 | 000,000,480 | ---- | M] () C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\eb_trk=165100;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[2].htm : MD5=3198AAF54FC9F1BDBF91448644DA1F46
[2012/06/25 14:23:56 | 000,001,347 | ---- | M] () C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\eb_trk=230594;pr=22;xp=34;np=22;uz=PR2%201NQ;fbi=11700;sbi=20697;fbo=11700;sbo=20697;fse=15032;sse=43304;fvi=12576;svi=25298;cg=e81e9c721370a47a44c22dd2fd9c896a[1].htm : MD5=949D9FF7441A63AC658B8B6D6C47F95D
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\fastbutton[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\fc[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\like[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\oauth[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\product_storeId_10001_catalogId_10151_productId_377059_langId_-1_categoryId_165716[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\questions[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\reviews[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\st[1] not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXU5HZ8\xd_arbiter[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\0[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7OOB7HZ\sh090[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\contact[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\stockCheckerTemporaryIframeSrc[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\st[1] not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WFGQTAG\viewforum[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D3SZYPC\ancestry_co_uk[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D3SZYPC\ext-render-secure[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\activityi;src=2921867;type=homep811;cat=ances602;ord=7994520077879.305;~oref=http___www.ancestry.co[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\home;kw=ukhptest1;sz=300x250;ord=2566322995144537[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\hub[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\I[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\tmpageid=18&levyouruid=0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\xframe-proxy_20110929[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48ERAD0I\_;mtfIFrameRequest=false;ord=1340629513541492[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\425x600_15_8d_Adtech[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\home3[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\launch[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FFK27SM\uk_msn_com[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DTG5VEC\adoapn_AppNexusDemoActionTag_1[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\01[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\0[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\2981[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\csc-render[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\home_bt_yahoo_com[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\like[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\rp_tier=25[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\182N8C8K\YoungOldUn[1].htm not found!
File C:\Windows\temp\TMP0001FE5F71521757A64E07AC not found!
File C:\Windows\temp\TMP000205712F0DCD4D360CC9D8 not found!
File C:\Windows\temp\TMP000207592D3347CB7FFC5DF2 not found!
File C:\Windows\temp\TMP00020764B1A82814BD2C791A not found!
File C:\Windows\temp\TMP00020768D1C191D68B5597E5 not found!
File C:\Windows\temp\TMP0002076F265A543D2410A6D4 not found!
File C:\Windows\temp\TMP0002077135440D9B5D1FAA3C not found!
File C:\Windows\temp\TMP0002077B528A6F4BE28072A2 not found!
File C:\Windows\temp\TMP00020786E7844E1CE1DB891A not found!
File C:\Windows\temp\TMP0002078762F3558A2C73C20A not found!
File C:\Windows\temp\TMP00020788A89A0A8A50B86ABF not found!
File C:\Windows\temp\TMP0002078A396CB7C26A9D200A not found!
File C:\Windows\temp\TMP0002078B7EF6B577085D59AC not found!
Registry entries deleted on Reboot...
Please note :- After OTL had run and rebooted the computer, MS Security Essentials ran and detected virus:Win64/Sirefef.B. I have quarrantined this file.

Security Check Checkup.txt file -

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.3.300.262
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
IObit IObit Malware Fighter IMFsrv.exe
``````````End of Log````````````
Farbar Service Scanner (FSS) FSS.txt -

Farbar Service Scanner Version: 24-06-2012 01
Ran by Jim (administrator) on 25-06-2012 at 18:49:53
Running from "C:\Users\Jim\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

I will post the results of the Eset online scanner when it has completed its run. At the moment it has been scanning for 4 hours 12 minutes and is reporting 16 infected files.

Thanks for the help so far.
Jim
 
Result of ESET Scan -

C:\Users\Jim\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\imf-setup (1).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\15857c6.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Users\Jim\Downloads\asc-setup (1).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Users\Jim\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Users\Jim\Downloads\imf-setup (1).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Users\Jim\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Windows\Installer\6af25.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\DESKTOP\Backup Set 2012-06-18 184709\Backup Files 2012-06-18 184709\Backup files 77.zip Java/Exploit.CVE-2012-0507.BR trojan deleted - quarantined
G:\DESKTOP\Backup Set 2012-06-18 184709\Backup Files 2012-06-18 184709\Backup files 78.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\DESKTOP\Backup Set 2012-06-18 184709\Backup Files 2012-06-18 184709\Backup files 80.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\DESKTOP\Backup Set 2012-06-18 184709\Backup Files 2012-06-18 184709\Backup files 81.zip a variant of Win32/InstallCore.F application deleted - quarantined
G:\DESKTOP\Backup Set 2012-06-18 184709\Backup Files 2012-06-24 190003\Backup files 1.zip Java/Exploit.CVE-2012-0507.BR trojan deleted - quarantined
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Final OTL log -

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 710250 bytes
->Temporary Internet Files folder emptied: 84730915 bytes
->Java cache emptied: 2027 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Josh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Jim
->Java cache emptied: 0 bytes

User: Josh
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_005322
Files\Folders moved on Reboot...
C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG48A9.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG4965.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG4A10.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG4A20.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG4A21.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG4A22.tmp moved successfully.
C:\Users\Jim\AppData\Local\Temp\REG8D96.tmp moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF1FC03F5A99B9B272.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF46EFF3DCE9DAB86F.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFA4319A7169BA275E.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFBC1A72654925A3E7.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFF6CBE48B2B5B97F3.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFF97CC726186E1552.TMP not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[4].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\2981[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ab[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ads[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ancestry_co_uk[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\index[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\launch[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\msnuk[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\type_simple_nrmp-zoom-in[1].ico moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\uk_msn_com[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\xd_arbiter[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\YoungOldUn[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\01[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\abmw[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\ads[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\csc-render[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\home;kw=ukhptest1;sz=300x250;ord=848691286161867[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\likebox[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\like[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\MSNLiveTwitterIntegration[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\rp_tier=25[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\r[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\20747;296061;201;jsiframe;Yahoo;120x600JohnLewisExperianDataAcornSegmentAE40MinDriveTime[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\ext-render-secure[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\fc[10].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\rp_tier=0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\st[1] moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\_;mtfIFrameRequest=false;ord=1340668329334109[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\activityi;src=2921867;type=homep811;cat=ances602;ord=183381770476.81815;~oref=http___www.ancestry.co[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\c=283_rand=202922731_pv=y_age=63_gen=M_p=3032_p=3034_dp=y_rt=ifr[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\home_bt_yahoo_com[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\oauth[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\plusone_gadget[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\tmpageid=18&levyouruid=0[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xd_arbiter[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xd_arbiter[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xframe-proxy_20110929[2].htm moved successfully.
PendingFileRenameOperations files...
File C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Jim\AppData\Local\Temp\REG48A9.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG4965.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG4A10.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG4A20.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG4A21.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG4A22.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\REG8D96.tmp not found!
File C:\Users\Jim\AppData\Local\Temp\~DF1FC03F5A99B9B272.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DF46EFF3DCE9DAB86F.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFA4319A7169BA275E.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFBC1A72654925A3E7.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFF6CBE48B2B5B97F3.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFF97CC726186E1552.TMP not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\0[4].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\2981[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ab[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ads[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\ancestry_co_uk[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\index[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\launch[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\msnuk[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\type_simple_nrmp-zoom-in[1].ico not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\uk_msn_com[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\xd_arbiter[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBS06KNR\YoungOldUn[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\01[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\abmw[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\ads[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\csc-render[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\home;kw=ukhptest1;sz=300x250;ord=848691286161867[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\likebox[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\like[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\MSNLiveTwitterIntegration[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\rp_tier=25[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1WN03X4\r[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\20747;296061;201;jsiframe;Yahoo;120x600JohnLewisExperianDataAcornSegmentAE40MinDriveTime[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\ext-render-secure[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\fc[10].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\rp_tier=0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\st[1] not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIKUREZM\_;mtfIFrameRequest=false;ord=1340668329334109[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\activityi;src=2921867;type=homep811;cat=ances602;ord=183381770476.81815;~oref=http___www.ancestry.co[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\c=283_rand=202922731_pv=y_age=63_gen=M_p=3032_p=3034_dp=y_rt=ifr[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\home_bt_yahoo_com[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\oauth[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\plusone_gadget[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\tmpageid=18&levyouruid=0[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xd_arbiter[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xd_arbiter[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xframe-proxy_20110929[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZE841TP\xframe-proxy_20110929[2].htm not found!
Registry entries deleted on Reboot...
Thanks for all of your help and patience.
Jim
 
Hi Broni

My PC has been running for about 5 hours to-day. I have done a full scan to the system using MS security essentials which did not show any problems.
I installed all of your recommended software (WOT, FileHippo, PSI etc) last night and will run a weekly check on the system. I did notice that while booting Win7 today, that it seemed to 'stutter' for about a minute as the windows logo appeared. I will continue monitoring and keep you updated until I am satisfied that all is well.

I have run a PC since the 1980's and I cannot remember another time when I have 'caught' a virus. I am still not sure how this one managed to circumvent my firewalls and Virus checker. I read How did I get infected?, With steps so it does not happen again! and have always used the methods described. The only way I can think is when my computer has been used by other family members, which will not happen again.

Thanks
Jim
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back