Solved Incredibar, not too sure if I've removed it all

tedus987

Ok, I've built a new computer and within a couple of days ended up getting a virus infection. The reason for this is that I went to download and install Paint.NET, not knowing that the 'download now' button wasn't for Paint.NET but for malicious software.

I ran both Spybot and Malwarebytes and they removed several items... I then uninstalled the Incredibar from the start menu, then from Add or Remove Programs, then did a search for anything created that day and removed anything that looked like an Incredibar thing, and removed the add-ons from IE, Chrome and Mozilla.

It's been 3 days since and I'm not too sure if I'm in the clear. Spybot notified me that its immunization wasn't on Mozilla (could have been due to me removing all history and clearing the cookie cache) and every day my PC keeps telling me it has something plugged in to the front speaker jack of my computer, "what device did you just plug in", even though I have nothing plugged in.

Both Spybot and Malwarebytes are telling me I'm clean but I'm not too sure.

I'll post a log of today's Malwarebytes scan.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luke :: LUKE-PC-BUILD2 [administrator]

31/01/2013 07:16:48
mbam-log-2013-01-31 (07-16-48).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386560
Time elapsed: 22 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------

And I'll run the other thing straight away after this post; my main goal is to find out if I've cleaned my PC.
 
And here's the DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 24/01/2013 15:36:01
System Uptime: 31/01/2013 07:10:17 (8 hours ago)
.
Motherboard: MSI | | 990FXA-GD65 (MS-7640)
Processor: AMD FX(tm)-6200 Six-Core Processor | CPU 1 | 3800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 848.433 GiB free.
D: is FIXED (NTFS) - 3726 GiB total, 3691.106 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&198C2624&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&198C2624&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&198C2624&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&198C2624&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP14: 25/01/2013 21:58:20 - Windows Update
RP15: 25/01/2013 22:11:17 - Windows Update
RP16: 25/01/2013 22:13:04 - Windows Update
RP17: 25/01/2013 22:41:42 - Windows Update
RP18: 25/01/2013 22:46:35 - Windows Update
RP19: 25/01/2013 22:53:23 - Windows Update
RP20: 27/01/2013 17:35:58 - Windows Update
RP21: 27/01/2013 18:37:32 - Installed Steam
RP22: 29/01/2013 16:31:27 - Installed DirectX
RP23: 29/01/2013 16:47:24 - Installed DirectX
RP25: 30/01/2013 17:28:05 - Paint.NET v3.5.10
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AVG Security Toolbar
Back to the Future: Ep 1 - It's About Time
Back to the Future: Ep 2 - Get Tannen!
Back to the Future: Ep 3 - Citizen Brown
Back to the Future: Ep 4 - Double Visions
Back to the Future: Ep 5 - OUTATIME
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Creative System Information
CyberLink BD_3D Advisor 2.0
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink MediaEspresso 6.5
CyberLink MediaShow 6
CyberLink Power2Go 7
CyberLink PowerDVD 10
CyberLink PowerProducer 5.5
Dolby Digital Live Pack
EVGA Precision X 3.0.3
Google Chrome
Google Update Helper
LG ODD Auto Firmware Update
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Paint.NET v3.5.10
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Sound Blaster Recon3D PCIe
Sound Blaster Recon3D PCIe Extras
Spybot - Search & Destroy
Star Wars Knights of the Old Republic
Star Wars Knights of the Old Republic II - The Sith Lords
Star Wars: The Old Republic
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Do Not Track Add-on 2.2.5.1213
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
27/01/2013 19:51:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
27/01/2013 19:51:20, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2013 17:23:46, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/01/2013 22:50:09, Error: Service Control Manager [7034] - The Sound Blaster Service service terminated unexpectedly. It has done this 1 time(s).
25/01/2013 22:50:09, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
25/01/2013 22:50:09, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
25/01/2013 22:50:08, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
25/01/2013 22:50:08, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/01/2013 22:40:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2799329).
25/01/2013 22:37:48, Error: Service Control Manager [7023] -
25/01/2013 22:15:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2750841).
25/01/2013 22:15:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2757638).
25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2709630).
25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2541014).
25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2509553).
25/01/2013 22:15:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2770660).
25/01/2013 22:15:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2758857).
25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2749655).
25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732059).
25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2785220).
25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
25/01/2013 22:15:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2488113).
25/01/2013 22:15:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2536275).
25/01/2013 22:15:10, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
25/01/2013 22:15:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640).
25/01/2013 22:15:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2762895).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2726535).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2699779).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2506014).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2743555).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2727528).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2706045).
25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2690533).
25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2786081).
25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2761217).
25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2778930).
25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2659262).
25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732500).
25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2506928).
25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2705219).
25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428).
25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2544893).
25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2491683).
25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656411).
25/01/2013 22:07:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Windows Update Setup Handler.
.
==== End Of File ===========================
 
Hi there!

ComboFix scan

Please download ComboFix
by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Right, how many stages does ComboFix have? It's currently on stage 4... having to use my old PC because I disconnected my new one to run ComboFix.

Edit: I meant to say it's currently saying 'completed stage 4' but I've been waiting half an hour and it hasn't moved since.

Ok, been a couple of hours, gonna try in safe mode from a CD.
 
Solved, ran perfectly in safe mode.

ComboFix logs:

ComboFix 13-01-31.03 - Luke 31/01/2013 19:51:04.2.6 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30415 [GMT 0:00]
Running from: c:\users\Luke\Desktop\ComboFix.exe
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp3830.tmp
c:\windows\SysWow64\tmp39D6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 19:53 . 2013-01-31 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
2013-01-29 15:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63A718F7-5265-4E0F-960F-150194B16483}\mpengine.dll
2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2013-01-24 17:44 . 2013-01-29 18:10 -------- d-----w- c:\program files (x86)\lg_fwupdate
2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
2013-01-24 16:15 . 2013-01-31 07:10 -------- d-----w- c:\programdata\NVIDIA
2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-01-31 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15732
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.incredibar_i.instlDay - 15734
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-31 19:55:24
ComboFix-quarantined-files.txt 2013-01-31 19:55
.
Pre-Run: 909,724,925,952 bytes free
Post-Run: 909,311,721,472 bytes free
.
- - End Of File - - D20D566C6E235562733684FA5AD01B4D

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

ok, got to turn infected PC off here, I can still respond from my old PC.
 
Right, just turned it on this morning and spybot's immunize has reported that the global host had no immunity this time.
 
Can I ask if I'm supposed to do anything else... not too sure how long it takes for a standard reply.
 
Next step:

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click the Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
That was quick...

ok, log is...

the OTL log
----------------------------------------------------------------------------------
OTL logfile created on: 01/02/2013 19:49:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

31.97 Gb Total Physical Memory | 27.51 Gb Available Physical Memory | 86.04% Memory free
63.94 Gb Paging File | 59.34 Gb Available in Paging File | 92.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 847.62 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive D: | 3725.90 Gb Total Space | 3672.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
Drive E: | 0.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LUKE-PC-BUILD2 | User Name: Luke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/01 19:08:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
PRC - [2013/01/30 16:09:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/01/30 16:09:30 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/27 19:51:16 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/01/27 18:39:08 | 001,354,736 | ---- | M] (Valve Corporation) -- D:\installed games\Steam\Steam.exe
PRC - [2013/01/25 22:39:57 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2013/01/23 18:28:36 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/01/23 17:57:24 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/01/10 10:02:16 | 000,103,424 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
PRC - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/05/09 07:03:28 | 000,078,312 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012/03/28 10:34:28 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/14 05:44:20 | 000,880,128 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
PRC - [2011/10/19 08:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2011/03/09 14:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/30 16:09:31 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/30 16:09:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/01/27 19:51:18 | 000,647,168 | ---- | M] () -- D:\installed games\Steam\sdl.dll
MOD - [2013/01/27 19:51:16 | 020,320,240 | ---- | M] () -- D:\installed games\Steam\bin\libcef.dll
MOD - [2013/01/27 19:51:16 | 001,100,800 | ---- | M] () -- D:\installed games\Steam\bin\avcodec-53.dll
MOD - [2013/01/27 19:51:16 | 000,969,640 | ---- | M] () -- D:\installed games\Steam\bin\chromehtml.dll
MOD - [2013/01/27 19:51:16 | 000,192,000 | ---- | M] () -- D:\installed games\Steam\bin\avformat-53.dll
MOD - [2013/01/27 19:51:16 | 000,124,416 | ---- | M] () -- D:\installed games\Steam\bin\avutil-51.dll
MOD - [2013/01/27 18:49:24 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/27 18:49:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/27 18:49:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/27 18:48:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/27 18:47:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/27 18:47:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/27 18:47:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/27 18:47:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/03/09 14:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 14:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/22 14:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/30 16:09:30 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/29 17:27:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 19:51:16 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/24 16:28:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/01/24 16:27:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/01/23 18:28:36 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/01/16 20:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 10:02:16 | 000,103,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/10/19 08:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/30 16:09:31 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/10 10:02:16 | 001,044,400 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
DRV:64bit: - [2013/01/10 10:02:16 | 000,028,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthdb.sys -- (CTHDB)
DRV:64bit: - [2012/12/13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012/11/22 14:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/11/15 21:06:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/23 14:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/03 15:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/28 20:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/17 23:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC F7 F6 DC B0 FC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F7D9FB40-D297-491E-86F4-2DF3A207CB95}: "URL" = http://search.zonealarm.com/search?...f&tu=10G90006K2B000s&sku=&tstsId=&ver=&&r=658
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={774FCF...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=hp"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.0.2.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&pid=avg&sg=&v=14.0.2.14&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/01/27 18:11:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/01/27 18:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/30 16:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 22:40:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/25 22:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Extensions
[2013/01/29 17:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions
[2013/01/27 18:11:07 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
[2013/01/27 18:11:06 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
[2013/01/27 18:05:10 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
[2013/01/25 22:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/30 16:10:00 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.0.2.14
[2013/01/16 20:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 00:36:02 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/30 16:09:53 | 000,003,594 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/01/17 00:36:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/17 00:36:02 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/17 00:36:02 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/01/17 00:36:02 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/01/17 00:36:03 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: Gmail = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/01 14:37:14 | 000,444,602 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15296 more lines...
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Do Not Track) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Sound Blaster Recon3D PCIe Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\installed games\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB2F9CB-4AAC-4F71-8F68-A98FC8BE792D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 19:47:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
[2013/01/31 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\ElevatedDiagnostics
[2013/01/31 19:59:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:48:19 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\Luke\Desktop\ComboFix.exe
[2013/01/31 17:05:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 17:05:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 17:05:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 17:04:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 17:04:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/30 17:49:13 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/30 17:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/01/30 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Paint.NET
[2013/01/29 18:49:48 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\DoNotTrackPlus
[2013/01/29 18:26:43 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Diagnostics
[2013/01/29 17:27:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Macromedia
[2013/01/29 17:27:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/29 17:27:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/29 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\NVIDIA
[2013/01/29 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
[2013/01/28 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\SWTOR
[2013/01/28 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\HeroBlade Logs
[2013/01/27 21:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2013/01/27 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013/01/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/01/27 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/27 18:34:05 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\AVG Secure Search
[2013/01/27 18:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/01/27 18:33:56 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/27 18:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/27 18:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/01/27 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/27 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 18:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/27 18:20:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Malwarebytes
[2013/01/27 18:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/27 18:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/27 18:19:58 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/27 18:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/27 18:19:28 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Programs
[2013/01/27 18:10:52 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/01/27 18:10:52 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/01/27 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DoNotTrackPlus
[2013/01/27 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\ForceField Shared Files
[2013/01/27 17:23:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\CheckPoint
[2013/01/27 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/01/27 17:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/01/27 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2013/01/27 17:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/01/27 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/01/25 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/25 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/25 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Mozilla
[2013/01/25 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Mozilla
[2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/25 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/25 22:39:54 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Google
[2013/01/25 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Apps
[2013/01/25 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Deployment
[2013/01/25 22:35:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/01/25 22:35:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/01/25 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Power2Go
[2013/01/25 07:15:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/24 23:19:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/24 23:17:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/24 23:16:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/01/24 17:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2013/01/24 17:44:58 | 000,023,664 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2013/01/24 17:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2013/01/24 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\CyberLink
[2013/01/24 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\CyberLink
[2013/01/24 17:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013/01/24 17:37:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[2013/01/24 17:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013/01/24 17:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/01/24 17:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/01/24 17:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/01/24 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/01/24 16:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013/01/24 16:28:13 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/24 16:28:13 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/24 16:28:07 | 002,906,590 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/01/24 16:28:07 | 001,943,040 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/01/24 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/01/24 16:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/01/24 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/01/24 16:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/01/24 16:21:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/01/24 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
[2013/01/24 16:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X
[2013/01/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/01/24 16:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/01/24 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/01/24 16:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/01/24 16:13:23 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Macromedia
[2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Adobe
[2013/01/24 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/24 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/24 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/24 16:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013/01/24 16:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/01/24 16:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/01/24 16:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/01/24 16:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/01/24 16:05:24 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/01/24 16:05:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/01/24 16:05:23 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/01/24 16:05:23 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/01/24 16:05:23 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/01/24 16:05:20 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/01/24 16:05:20 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/01/24 16:05:20 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/01/24 16:05:20 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/01/24 16:05:20 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/01/24 16:05:20 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/01/24 16:05:16 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/01/24 16:05:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/01/24 16:05:12 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/01/24 16:05:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/01/24 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/01/24 16:01:19 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/01/24 16:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/01/24 16:00:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/24 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/01/24 15:58:54 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\AMD
[2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\ATI
[2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\ATI
[2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/24 15:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/24 15:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/01/24 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/01/24 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/01/24 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/01/24 15:57:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/24 15:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/01/24 15:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\Searches
[2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/24 15:36:16 | 000,000,000 | -H-D | C] -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/24 15:36:09 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Identities
[2013/01/24 15:36:08 | 000,000,000 | R--D | C] -- C:\Users\Luke\Contacts
[2013/01/24 15:36:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\VirtualStore
[2013/01/24 15:36:04 | 000,000,000 | --SD | C] -- C:\Users\Luke\AppData\Roaming\Microsoft
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Videos
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Saved Games
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Pictures
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Music
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Links
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Favorites
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Downloads
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Documents
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Desktop
[2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Temporary Internet Files
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Templates
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Start Menu
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\SendTo
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Recent
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\PrintHood
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\NetHood
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Videos
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Pictures
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Music
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\My Documents
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Local Settings
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\History
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Cookies
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Application Data
[2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Application Data
[2013/01/24 15:36:04 | 000,000,000 | -H-D | C] -- C:\Users\Luke\AppData
[2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Temp
[2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Microsoft
[2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Media Center Programs
[2013/01/24 15:36:00 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2013/02/01 19:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 19:08:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
[2013/02/01 19:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/01 14:37:14 | 000,444,602 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/01 07:17:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 07:17:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 07:14:25 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/01 07:14:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 07:14:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/01 07:14:15 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/01 07:14:15 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/01 07:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 07:09:53 | 4271,554,555 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 20:00:10 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013/01/31 19:53:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130201-143714.backup
[2013/01/31 19:31:26 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\Luke\Desktop\ComboFix.exe
[2013/01/30 17:28:57 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/01/30 16:09:31 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/29 18:50:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 17:16:34 | 000,000,450 | ---- | M] () -- C:\user.js
[2013/01/29 16:58:16 | 000,000,823 | ---- | M] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2013/01/29 16:58:07 | 000,000,963 | ---- | M] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/01/29 16:49:29 | 000,013,449 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013/01/27 21:01:20 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2013/01/27 21:01:20 | 000,001,049 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2013/01/27 18:37:52 | 000,000,699 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/27 18:30:20 | 000,445,399 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130130-163829.backup
[2013/01/27 18:24:39 | 000,001,282 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/27 18:24:39 | 000,001,258 | ---- | M] () -- C:\Users\Luke\Desktop\Spybot - Search & Destroy.lnk
[2013/01/27 18:19:59 | 000,001,133 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/27 18:13:55 | 000,418,047 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/01/27 17:23:30 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/01/25 22:51:37 | 000,002,279 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 22:51:05 | 000,277,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/25 22:41:15 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/25 22:40:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/25 22:38:07 | 000,001,437 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/25 22:38:03 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2013/01/25 22:17:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/25 22:17:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/24 23:19:12 | 000,040,868 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/24 23:19:12 | 000,040,868 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/24 17:45:56 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
[2013/01/24 17:37:42 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
[2013/01/24 16:28:13 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/01/24 16:28:13 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/01/24 16:27:49 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2013/01/24 16:27:06 | 000,000,078 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/01/24 16:20:57 | 000,001,088 | ---- | M] () -- C:\Users\Luke\Desktop\EVGA Precision X.lnk
[2013/01/24 16:11:04 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/01/24 16:10:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/10 10:02:16 | 000,025,076 | ---- | M] () -- C:\Windows\SysNative\CtHda.ini
[2013/01/10 10:02:16 | 000,011,180 | ---- | M] () -- C:\Windows\SysWow64\CtHRFX64.hda
[2013/01/10 10:02:16 | 000,011,180 | ---- | M] () -- C:\Windows\SysNative\CTHRFX64.hda
[2013/01/10 10:02:16 | 000,004,850 | ---- | M] () -- C:\Windows\CtHdaLoc.reg

========== Files Created - No Company Name ==========

[2013/01/31 17:05:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 17:05:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 17:05:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 17:05:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 17:05:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/30 17:28:57 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/01/30 17:28:57 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/01/30 16:10:00 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/29 17:27:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 17:16:34 | 000,000,450 | ---- | C] () -- C:\user.js
[2013/01/29 16:58:16 | 000,000,823 | ---- | C] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2013/01/29 16:58:07 | 000,000,963 | ---- | C] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/01/27 21:01:20 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2013/01/27 21:01:20 | 000,001,049 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2013/01/27 18:37:59 | 000,013,449 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/01/27 18:37:52 | 000,000,699 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/27 18:24:39 | 000,001,282 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/27 18:24:39 | 000,001,258 | ---- | C] () -- C:\Users\Luke\Desktop\Spybot - Search & Destroy.lnk
[2013/01/27 18:19:59 | 000,001,133 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/27 18:19:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 17:23:44 | 000,418,047 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/01/27 17:23:30 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/01/25 22:41:15 | 000,002,279 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 22:41:15 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/25 22:40:21 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/25 22:40:21 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/25 22:39:59 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:39:59 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 22:38:03 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2013/01/25 22:23:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/25 22:17:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/25 22:17:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/25 22:14:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 23:19:07 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/24 23:19:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/24 23:16:42 | 4271,554,555 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/24 17:45:56 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
[2013/01/24 17:45:02 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013/01/24 17:37:42 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
[2013/01/24 16:27:49 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2013/01/24 16:27:45 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013/01/24 16:27:23 | 000,005,594 | ---- | C] () -- C:\Windows\SysNative\CTOPT399.cat
[2013/01/24 16:27:23 | 000,005,498 | ---- | C] () -- C:\Windows\SysWow64\CTOPT399.cat
[2013/01/24 16:26:33 | 000,003,770 | ---- | C] () -- C:\Windows\cthdaENG.reg
[2013/01/24 16:26:33 | 000,000,078 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/01/24 16:20:57 | 000,001,088 | ---- | C] () -- C:\Users\Luke\Desktop\EVGA Precision X.lnk
[2013/01/24 16:14:48 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/01/24 16:14:21 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/01/24 16:11:04 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013/01/24 16:11:04 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/01/24 16:10:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013/01/24 16:10:38 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/24 16:01:18 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/01/24 15:58:25 | 000,001,437 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/24 15:36:19 | 000,001,409 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/24 15:36:17 | 000,001,443 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/24 15:36:04 | 000,000,290 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/24 15:36:04 | 000,000,272 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/01/10 10:02:16 | 000,025,076 | ---- | C] () -- C:\Windows\SysNative\CtHda.ini
[2013/01/10 10:02:16 | 000,011,180 | ---- | C] () -- C:\Windows\SysWow64\CtHRFX64.hda
[2013/01/10 10:02:16 | 000,011,180 | ---- | C] () -- C:\Windows\SysNative\CTHRFX64.hda
[2013/01/10 10:02:16 | 000,004,850 | ---- | C] () -- C:\Windows\CtHdaLoc.reg
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/27 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\CheckPoint

========== Purity Check ==========



< End of report >
 
Ok, and the extra log

---------------------------------------

OTL Extras logfile created on: 01/02/2013 19:49:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

31.97 Gb Total Physical Memory | 27.51 Gb Available Physical Memory | 86.04% Memory free
63.94 Gb Paging File | 59.34 Gb Available in Paging File | 92.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 847.62 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive D: | 3725.90 Gb Total Space | 3672.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
Drive E: | 0.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LUKE-PC-BUILD2 | User Name: Luke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1231501D-D3D3-4E1D-8866-509AB477B59C}" = protocol=6 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{17C7CAB3-6D64-4B3A-ACE0-791D67CBE4B0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{25EFF774-485F-42E8-82A6-26EF603F17E6}" = protocol=17 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{2DCF96F0-07A3-4603-8BE4-76BBC4E6DD43}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 104\backtothefuture104.exe |
"{2F0AD109-1295-49DA-BC0A-1133BC4889B0}" = protocol=6 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{4542839F-2AB6-4258-8DA1-190C6C3628AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{513521C8-FFCD-4D60-A547-D34E49105B89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{63ABBC34-2F8B-4643-8E01-3C32056E0836}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{6A062871-1EC4-48B9-BFE8-4586F560DC7A}" = protocol=17 | dir=in | app=d:\installed games\steam\steam.exe |
"{7928597A-24B2-41E3-8A00-790367F50B29}" = protocol=17 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{85253198-5014-4138-98F3-38DADCDA8D1C}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{872FF794-3885-40D5-A749-3367FEE66439}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 2\backtothefuture102.exe |
"{8859D5A8-E3B8-4918-BE0E-BB129F285742}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9F834A52-B472-4F88-AC37-C6843A7ABD05}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 105\backtothefuture105.exe |
"{A124DB4E-5325-4437-96D1-3821CDD07771}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{A8BE664C-905A-4E36-B5A3-980C349D958E}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 105\backtothefuture105.exe |
"{AA710D5C-A37D-4488-8839-7C0422E249E9}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 1\backtothefuture101.exe |
"{B8302805-306C-4A32-8E75-2AE7103CDFC5}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 1\backtothefuture101.exe |
"{BB3C59C0-65CE-45D3-BC0D-65714606B847}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 103\backtothefuture103.exe |
"{D0E9BAA7-5CB9-44BF-8275-D72F0F821469}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{DC30EF47-FC14-40CA-BD7F-96315ED8E36B}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 104\backtothefuture104.exe |
"{E400491B-8A18-4C96-A976-1654FD1DF6B8}" = protocol=6 | dir=in | app=d:\installed games\steam\steam.exe |
"{E93C82DF-440B-4277-881A-E2B74A7355D3}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 2\backtothefuture102.exe |
"{FF54245B-188E-4CF6-971A-EE882A2CA83B}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 103\backtothefuture103.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{32F437DA-BABA-CD62-E342-69FE17FAC771}" = ccc-utility64
"{413C3B15-DCB6-4329-77B0-C20A3D9F010F}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{015E3420-9CA0-49A1-A107-8DF03523B000}" = ZoneAlarm DataLock
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{049155CC-5AB3-296F-5815-CD73A9646E99}" = CCC Help Greek
"{08366AE3-72A2-523E-7218-D1B0B8271EBA}" = CCC Help Turkish
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{204FCF73-1450-407D-BCF9-1233EC5F5787}" = Sound Blaster Recon3D PCIe Extras
"{2812B4B3-A412-7785-1964-4D60340E60A9}" = CCC Help French
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{354C5FB7-C8EC-1EC4-BE90-109E048E9C82}" = CCC Help Russian
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
"{462D8F12-355D-5920-9193-25388DA500DA}" = CCC Help Chinese Traditional
"{4A1C03BB-6A5A-B8F8-F910-6791960DC25C}" = Catalyst Control Center Localization All
"{4BF35375-9076-1169-6452-EC085410DD0E}" = Catalyst Control Center Profiles Mobile
"{4CC4A295-8204-75C9-6E44-E280E661282B}" = CCC Help Korean
"{4FD0F94D-0CAB-C85B-FA2C-9586BA0AAE60}" = CCC Help Spanish
"{53B04D20-50D5-EA2F-BDFC-BCE332124FED}" = CCC Help Dutch
"{53BCB6DB-C944-CE07-BBA7-B8EC2DA228B0}" = CCC Help Swedish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5983D9F0-E6E9-423C-A920-9BA78935DC7A}" = ZoneAlarm Antivirus
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C428915-7C49-E005-8D9C-0AFC3B9E2A55}" = CCC Help English
"{86227080-3ADB-5A9B-BB8A-8CE8CB6429F8}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
"{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A075239D-F706-B32D-A071-5804AE360AF0}" = CCC Help Finnish
"{A338D97B-5164-4D07-9C5D-19236976B2A2}" = ZoneAlarm Security
"{A7CDE866-4E90-D922-89C4-31B836BC6E67}" = CCC Help German
"{A83FC388-927A-68E4-72FC-FC54E404B27F}" = CCC Help Japanese
"{A860FE72-A9F6-AB3D-09AE-3AA954EA1725}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2FA84C-E17E-4E6F-9F6B-8CFEB3661F0E}" = Sound Blaster Recon3D PCIe
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2F86EAE-18EE-6B39-20D8-C542D841F034}" = CCC Help Thai
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BC3EBF1D-5F30-4E53-93A5-15FD9D1CF12B}" = ZoneAlarm Firewall
"{BC5CE684-9D5B-707E-30BC-9275E2B49FA0}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{DC311C01-B1A9-8CAD-F018-9395269654EC}" = CCC Help Polish
"{DCFF61CC-B313-37DF-D567-26430CBC8720}" = CCC Help Portuguese
"{DE329278-4E61-8A9B-CADA-44AAC9E06C81}" = CCC Help Italian
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DFE4070B-1657-942F-72B1-0057A9A830EF}" = CCC Help Hungarian
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{ED20800E-1BFF-E5D6-86DF-2B8015E308E3}" = Catalyst Control Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDF4B587-4070-4C2A-C3DC-A8F5DB3B6C5B}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrecisionX" = EVGA Precision X 3.0.3
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"Steam App 22380" = Fallout: New Vegas
"Steam App 31290" = Back to the Future: Ep 1 - It's About Time
"Steam App 94500" = Back to the Future: Ep 2 - Get Tannen!
"Steam App 94510" = Back to the Future: Ep 3 - Citizen Brown
"Steam App 94520" = Back to the Future: Ep 4 - Double Visions
"Steam App 94530" = Back to the Future: Ep 5 - OUTATIME
"SWKotOR2" = Star Wars Knights of the Old Republic II - The Sith Lords
"SysInfo" = Creative System Information
"ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2013 15:48:44 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
Description =

Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = VSS | ID = 18
Description =

Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = VSS | ID = 8193
Description =

Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = System Restore | ID = 8193
Description =

Error - 31/01/2013 15:59:44 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2013 03:10:05 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2013 03:58:09 | Computer Name = Luke-PC-Build2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 01/02/2013 03:58:19 | Computer Name = Luke-PC-Build2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 01/02/2013 03:59:17 | Computer Name = Luke-PC-Build2 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 01/02/2013 12:43:19 | Computer Name = Luke-PC-Build2 | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 31/01/2013 15:48:18 | Computer Name = Luke-PC-Build2 | Source = DCOM | ID = 10005
Description =

Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = DCOM | ID = 10005
Description =

Error - 31/01/2013 15:52:22 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 31/01/2013 15:53:32 | Computer Name = Luke-PC-Build2 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 31/01/2013 15:53:53 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
Ok, with that I have to turn off the infected computer. Feel free to post the next step and I'll run it tomorrow morning.
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    Firefox::
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.incredibar_i.instlDay - 15734
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
    FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10678
    FF - user.js: extensions.incredibar_i.ppd - 111
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
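
A follow-up check for the ComboFix step in the post above, as an added example that is not part of the original thread or of any tool named in it: it reads the `FF - user.js:` lines of the script, then reports which of those preferences are still set in a Firefox `user.js`, plus any other preference under the same namespace. Firefox re-applies `user.js` at every start, so an entry left there keeps coming back. The sample `user.js` text and the `exampleKey` preference are constructed for illustration.

```python
import re

# Three lines copied from the script in the post; the value part may be empty.
CFSCRIPT_LINES = """\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.instlRef -
"""

# Constructed sample of a user.js after a partial cleanup (not from the thread).
SAMPLE_USER_JS = '''\
// user.js (constructed sample)
user_pref("browser.startup.page", 1);
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
// user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.exampleKey", true);
'''

LOG_RE = re.compile(r'^FF - user\.js: (\S+) -(?: (.*))?$')
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;')

def names_from_script(script_text):
    """Preference names listed in 'FF - user.js: <name> - <value>' lines."""
    names = []
    for line in script_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names

def parse_prefs(js_text):
    """Active user_pref() entries; commented-out lines do not match."""
    prefs = {}
    for line in js_text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def leftovers(script_text, js_text, namespace="extensions.incredibar"):
    """Map each surviving pref to ('listed' | 'unlisted', raw value)."""
    listed = set(names_from_script(script_text))
    report = {}
    for name, value in parse_prefs(js_text).items():
        if name in listed:
            report[name] = ("listed", value)
        elif name.startswith(namespace):
            report[name] = ("unlisted", value)
    return report

if __name__ == "__main__":
    for name, (kind, value) in leftovers(CFSCRIPT_LINES, SAMPLE_USER_JS).items():
        print(f"{kind:9} {name} = {value}")
```

An empty result for the real profile's `user.js` means none of the listed preferences, and nothing else in that namespace, is still being re-applied at startup.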
 
Oh, before I go: AdwCleaner, will it require safe mode or can I run it normally?

If so, in order my tasks are...
Turn PC on and copy that text.
Restart and run safe mode for ComboFix, making sure to close ZoneAlarm.
Restart, upload ComboFix log and run AdwCleaner and upload log.
Restart and run safe mode for Junkware Removal Tool.
Restart and upload Junkware Removal Tool.

I'm gonna have fun.
 