Solved Trojan Sirefef.Y

Andy Sweetman

Hi,
I have a Windows 7 64-bit system and have today got the Trojan Sirefef.Y, which disabled MSE and started Windows shutting down after finding a critical error. I have installed antimalware software per the pinned thread on this forum; however, the PC does not allow (even in safe mode) time for the process to scan before the computer reboots after 60 seconds.

I have downloaded the FRST file and attach the text output below - please help, Broni!

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
Ran by SYSTEM at 13-06-2012 15:21:20
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-04-27] (cyberlink)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-09-30] ()
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [557056 2011-08-17] (BitLeader)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-09-26] (Seagate LLC)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-21] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AmdAgent] C:\Windows\Temp\temp88.exe [792576 2012-06-13] ()
HKU\Andy\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
HKU\Andy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Andy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Andy\...\Policies\system: [LogonHoursAction] 2
HKU\Andy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ben\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Ben\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Ben\...\Policies\system: [LogonHoursAction] 2
HKU\Ben\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Hannah\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Hannah\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Hannah\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Hannah\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-28] (Valve Corporation)
HKU\Hannah\...\Policies\system: [LogonHoursAction] 2
HKU\Hannah\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lucy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Lucy\...\Policies\system: [LogonHoursAction] 2
HKU\Lucy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sam\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Sam\...\Policies\system: [LogonHoursAction] 2
HKU\Sam\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sam.Desktop\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\Sam.Desktop\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Sam.Desktop\...\Policies\system: [LogonHoursAction] 2
HKU\Sam.Desktop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-04] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Startup: C:\Users\Andy\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Ben\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Hannah\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lucy\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sam\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sam.Desktop\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ======
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 FreeAgentGoNext Service; "C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-09-26] (Seagate Technology LLC)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-07-02] ()
3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-26] (Sonic Solutions)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
========================== Drivers (Whitelisted) =============
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\My Documents\~$ternet IDs.doc
2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\Documents\~$ternet IDs.doc
2012-06-13 13:01 - 2012-06-13 13:01 - 00003352 ____N C:\bootsqm.dat
2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Sam.Desktop\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Lucy\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Hannah\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Ben\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Andy\Desktop\Live Security Platinum.lnk
2012-06-11 18:24 - 2012-06-11 18:24 - 00000000 ____D C:\Users\Ben\Desktop\Minecraft
2012-06-10 21:27 - 2012-06-10 21:27 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00000221 ____A C:\Users\Ben\Desktop\Clones Demo.url
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\My Documents\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Documents\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Application Data\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-06-10 18:52 - 2012-06-10 18:52 - 00015910 ____A C:\Users\Ben\Desktop\hs_err_pid26928.log
2012-06-10 18:37 - 2012-06-10 18:38 - 00002018 ____A C:\Users\Ben\My Documents\mcedit.ini
2012-06-10 18:37 - 2012-06-10 18:38 - 00002018 ____A C:\Users\Ben\Documents\mcedit.ini
2012-06-10 18:37 - 2012-06-10 18:37 - 00060473 ____A C:\Users\Ben\Downloads\mcedit-uninstall.exe
2012-06-10 18:37 - 2012-06-10 18:37 - 00001693 ____A C:\Users\Ben\Desktop\MCEdit.lnk
2012-06-10 18:37 - 2012-06-10 18:37 - 00001671 ____A C:\Users\Ben\Downloads\MCEdit.lnk
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\My Documents\MCEdit-schematics
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\MCEditData
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\doc
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Documents\MCEdit-schematics
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Application Data\pymclevel
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\AppData\Roaming\pymclevel
2012-06-10 18:35 - 2012-06-10 18:36 - 10629010 ____A C:\Users\Ben\Downloads\MCEdit-stable33-win32-setup.exe
2012-06-10 18:34 - 2012-06-10 18:34 - 01779847 ____A C:\Users\Ben\Downloads\mcedit-mcedit-0.1.1-1-g41ea379.zip
2012-06-10 18:08 - 2012-06-10 18:08 - 01589718 ____A C:\Users\Ben\Downloads\Minecraft_Server.exe
2012-06-10 18:07 - 2012-06-10 21:26 - 00000000 ____D C:\Users\Ben\Desktop\Ben's Minecraft Server
2012-06-09 22:22 - 2012-06-09 22:28 - 00000000 ____D C:\Users\Hannah\Application Data\Mozilla
2012-06-09 22:22 - 2012-06-09 22:28 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Mozilla
2012-06-09 22:21 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\My Documents\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Documents\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\AppData\Local\The Lord of the Rings Online
2012-06-09 22:17 - 2009-09-04 18:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-06-09 22:17 - 2009-09-04 18:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Local Settings\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\AppData\Local\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\Local Settings\Turbine
2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Turbine
2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\AppData\Local\Turbine
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\Application Data\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\AppData\Local\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
2012-06-09 22:05 - 2012-06-09 22:05 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2012-06-09 22:05 - 2007-03-12 17:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-06-09 22:00 - 2012-06-09 22:01 - 09067083 ____A C:\Users\Hannah\Downloads\Soartex Fanver.zip
2012-06-09 21:58 - 2012-06-09 21:58 - 01440341 ____A C:\Users\Hannah\Downloads\soartex1.2.5.zip
2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\Application Data\Trine2
2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Trine2
2012-06-09 19:50 - 2012-06-09 19:50 - 00000210 ____A C:\Users\Ben\Desktop\The Lord of the Rings Online.url
2012-06-06 22:48 - 2012-06-06 22:48 - 00000197 ____A C:\Users\Hannah\Desktop\Portal First Slice.url
2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\Application Data\Trine2
2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Trine2
2012-06-06 21:56 - 2008-05-30 15:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-06-06 21:56 - 2008-05-30 15:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-06-06 21:56 - 2007-04-04 19:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-06-06 21:51 - 2012-06-06 21:51 - 00000194 ____A C:\Users\Hannah\Desktop\Trine 2 Demo.url
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Adobe
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Adobe
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\AppData\Local\Adobe
2012-06-06 17:12 - 2012-06-06 17:12 - 01007734 ____A C:\Users\Ben\Downloads\LightCraft by Skalander97.zip
2012-06-06 15:00 - 2012-06-06 15:01 - 05356584 ____A (Code Laboratories, Inc.) C:\Users\Andy\Downloads\CL-Eye-Driver-5.0.1.0528 (1).exe
2012-06-06 14:37 - 2012-06-06 15:01 - 00001236 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
2012-06-06 09:37 - 2012-06-06 09:37 - 00015948 ____A C:\Users\Hannah\Downloads\hs_err_pid99584.log
2012-06-03 08:41 - 2012-06-03 08:42 - 08386590 ____A C:\Users\Ben\Downloads\Soartex Fanver.zip
2012-06-02 21:26 - 2012-06-02 21:26 - 00084993 ____A C:\Users\Ben\Downloads\Dynamic Lights 1.2.4.zip
2012-05-30 22:46 - 2012-05-30 22:46 - 00001807 ____A C:\Users\Hannah\Downloads\sketch (1).png
2012-05-30 22:43 - 2012-05-30 22:43 - 00002022 ____A C:\Users\Hannah\Downloads\sketch.png
2012-05-30 18:27 - 2012-05-30 18:27 - 00013146 ____A C:\Users\Ben\Downloads\hs_err_pid24560.log
2012-05-30 18:19 - 2012-05-30 18:20 - 05938896 ____A C:\Users\Ben\Downloads\MAtmos__1_2_4_r12__WithWeaponInteractions.zip
2012-05-29 20:44 - 2012-05-29 20:45 - 00002122 ____A C:\Users\Ben\Downloads\sketch.png
2012-05-29 18:12 - 2012-05-29 18:12 - 00000221 ____A C:\Users\Ben\Desktop\AI War Fleet Command - Demo.url
2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-29 17:17 - 2009-09-04 18:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-05-29 17:17 - 2009-09-04 18:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-05-29 17:17 - 2007-04-04 19:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-05-29 17:15 - 2008-10-15 07:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-05-29 17:15 - 2005-03-18 18:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-05-29 17:07 - 2012-05-29 17:07 - 00000222 ____A C:\Users\Ben\Desktop\Age of Empires Online.url
2012-05-29 07:36 - 2012-05-29 07:36 - 00067464 ____A C:\Windows\System32\CLEyeDevices.dll
2012-05-28 22:24 - 2012-06-12 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2012-05-28 22:24 - 2012-05-28 22:24 - 01606656 ____A C:\Users\Hannah\Downloads\SteamInstall.msi
2012-05-28 22:24 - 2012-05-28 22:24 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-28 22:16 - 2012-05-28 22:16 - 01653839 ____A C:\Users\Hannah\Downloads\Shaders-Windows.zip
2012-05-26 18:59 - 2012-05-26 18:59 - 00105478 ____A C:\Users\Ben\Downloads\[1.2.5] Cheat Pack 1.5 #2 Singleplayer.zip
2012-05-26 18:54 - 2012-05-26 18:54 - 00109228 ____A C:\Users\Ben\Downloads\Minecraft 1.2.5 Singleplayer Cheat Pack.zip
2012-05-26 18:37 - 2012-05-26 18:37 - 00276586 ____A C:\Users\Ben\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
2012-05-26 14:24 - 2012-05-26 14:24 - 00051131 ____A C:\Users\Ben\Downloads\TooManyItems2012_04_13_1.2.5.zip
2012-05-26 14:14 - 2012-05-26 14:15 - 43813068 ____A C:\Users\Ben\Downloads\Spatial Distortion.zip
2012-05-26 12:20 - 2012-05-26 12:22 - 69677540 ____A C:\Users\Ben\Downloads\The Minecraft Files217.zip
2012-05-26 10:35 - 2012-05-26 10:35 - 00649502 ____A C:\Users\Ben\Downloads\Yay-Toast-Pack-125upgrade.zip
2012-05-20 16:25 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3 - Copy.rar
2012-05-20 16:24 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3.rar
2012-05-20 09:37 - 2012-05-20 09:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-20 09:37 - 2012-05-20 09:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 22:54 - 2012-05-19 22:54 - 00240023 ____A C:\Users\Hannah\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
2012-05-19 22:01 - 2012-05-19 22:01 - 18220021 ____A C:\Users\Hannah\Downloads\Sphax PureBDCraft 128x.zip
2012-05-19 19:59 - 2012-05-19 20:00 - 19735526 ____A C:\Users\Ben\Downloads\MineLoL Texturepack Realistic 128x128.zip
2012-05-19 19:59 - 2012-05-19 20:00 - 11085411 ____A C:\Users\Ben\Downloads\Another Castle!.zip
2012-05-19 19:58 - 2012-05-19 20:00 - 33085073 ____A C:\Users\Ben\Downloads\WoW Pack 1.2.5.zip
2012-05-19 19:57 - 2012-05-19 19:57 - 02151082 ____A C:\Users\Ben\Downloads\Super-Mario.zip
2012-05-19 14:27 - 2012-05-19 14:27 - 01539265 ____A C:\Users\Ben\Downloads\mcpatcher-2.3.6.exe
2012-05-19 14:22 - 2012-05-19 14:22 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06 (1).zip
2012-05-19 14:21 - 2012-05-19 14:21 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
2012-05-18 19:51 - 2012-05-18 19:52 - 08688607 ____A C:\Users\Ben\Downloads\The Survival Games 2.zip
2012-05-16 21:26 - 2012-05-16 21:50 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\Skype
2012-05-16 21:26 - 2012-05-16 21:50 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\Skype
 
============ 3 Months Modified Files and Folders =============
2012-06-13 16:05 - 2010-09-28 15:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-13 16:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-13 16:05 - 2009-07-14 06:51 - 00052256 ____A C:\Windows\setupact.log
2012-06-13 15:42 - 2012-04-17 20:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\Local Settings\LogMeIn Hamachi
2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\LogMeIn Hamachi
2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\AppData\Local\LogMeIn Hamachi
2012-06-13 15:27 - 2011-08-18 07:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-13 15:27 - 2011-08-18 07:25 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-13 15:27 - 2010-09-28 15:39 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-13 15:25 - 2011-08-17 17:50 - 00000372 ____A C:\Windows\lgfwup.ini
2012-06-13 15:24 - 2011-08-17 17:50 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2012-06-13 15:21 - 2012-06-13 15:21 - 00000000 ____D C:\FRST
2012-06-13 13:41 - 2009-07-14 07:10 - 01310884 ____A C:\Windows\WindowsUpdate.log
2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\My Documents\~$ternet IDs.doc
2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\Documents\~$ternet IDs.doc
2012-06-13 13:01 - 2012-06-13 13:01 - 00003352 ____N C:\bootsqm.dat
2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\Local Settings\Application Data\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\Local Settings\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
2012-06-13 11:52 - 2009-07-14 07:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-13 11:36 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-13 11:36 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-13 11:35 - 2012-02-02 01:04 - 00749064 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-13 11:35 - 2012-02-02 01:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-13 11:27 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Outlook Files
2012-06-13 11:27 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Outlook Files
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Sam.Desktop\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Lucy\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Hannah\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Ben\Desktop\Live Security Platinum.lnk
2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Andy\Desktop\Live Security Platinum.lnk
2012-06-13 11:03 - 2011-09-11 20:20 - 00000000 ____D C:\Users\Lucy\My Documents\Outlook Files
2012-06-13 11:03 - 2011-09-11 20:20 - 00000000 ____D C:\Users\Lucy\Documents\Outlook Files
2012-06-12 22:13 - 2011-11-09 22:52 - 00000000 ____D C:\Users\Hannah\Application Data\Skype
2012-06-12 22:13 - 2011-11-09 22:52 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Skype
2012-06-12 22:09 - 2012-01-28 23:01 - 00000000 ____D C:\Users\Hannah\Application Data\.minecraft
2012-06-12 22:09 - 2012-01-28 23:01 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\.minecraft
2012-06-12 21:59 - 2012-05-28 22:24 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\Local Settings\LogMeIn Hamachi
2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\LogMeIn Hamachi
2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\AppData\Local\LogMeIn Hamachi
2012-06-12 21:59 - 2011-08-31 16:40 - 00000000 ____D C:\Users\Hannah\Tracing
2012-06-12 21:10 - 2011-08-31 14:35 - 00000000 ____D C:\Users\Ben\Application Data\Skype
2012-06-12 21:10 - 2011-08-31 14:35 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
2012-06-12 20:42 - 2012-01-21 19:58 - 00000000 ____D C:\Users\Ben\Application Data\.minecraft
2012-06-12 20:42 - 2012-01-21 19:58 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft
2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\Local Settings\LogMeIn Hamachi
2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\LogMeIn Hamachi
2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\AppData\Local\LogMeIn Hamachi
2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\Local Settings\LogMeIn Hamachi
2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\LogMeIn Hamachi
2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2012-06-11 20:28 - 2012-03-24 09:54 - 00002330 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-11 18:24 - 2012-06-11 18:24 - 00000000 ____D C:\Users\Ben\Desktop\Minecraft
2012-06-11 18:23 - 2012-02-15 11:12 - 00000000 ____D C:\Users\Ben\My Documents\Minecraft
2012-06-11 18:23 - 2012-02-15 11:12 - 00000000 ____D C:\Users\Ben\Documents\Minecraft
2012-06-10 21:27 - 2012-06-10 21:27 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-10 21:27 - 2012-06-10 21:27 - 00000221 ____A C:\Users\Ben\Desktop\Clones Demo.url
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\My Documents\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Documents\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Application Data\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\ClonesDemo
2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-06-10 21:26 - 2012-06-10 18:07 - 00000000 ____D C:\Users\Ben\Desktop\Ben's Minecraft Server
2012-06-10 18:52 - 2012-06-10 18:52 - 00015910 ____A C:\Users\Ben\Desktop\hs_err_pid26928.log
2012-06-10 18:38 - 2012-06-10 18:37 - 00002018 ____A C:\Users\Ben\My Documents\mcedit.ini
2012-06-10 18:38 - 2012-06-10 18:37 - 00002018 ____A C:\Users\Ben\Documents\mcedit.ini
2012-06-10 18:37 - 2012-06-10 18:37 - 00060473 ____A C:\Users\Ben\Downloads\mcedit-uninstall.exe
2012-06-10 18:37 - 2012-06-10 18:37 - 00001693 ____A C:\Users\Ben\Desktop\MCEdit.lnk
2012-06-10 18:37 - 2012-06-10 18:37 - 00001671 ____A C:\Users\Ben\Downloads\MCEdit.lnk
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\My Documents\MCEdit-schematics
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\MCEditData
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\doc
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Documents\MCEdit-schematics
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Application Data\pymclevel
2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\AppData\Roaming\pymclevel
2012-06-10 18:36 - 2012-06-10 18:35 - 10629010 ____A C:\Users\Ben\Downloads\MCEdit-stable33-win32-setup.exe
2012-06-10 18:34 - 2012-06-10 18:34 - 01779847 ____A C:\Users\Ben\Downloads\mcedit-mcedit-0.1.1-1-g41ea379.zip
2012-06-10 18:08 - 2012-06-10 18:08 - 01589718 ____A C:\Users\Ben\Downloads\Minecraft_Server.exe
2012-06-09 22:29 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\My Documents\The Lord of the Rings Online
2012-06-09 22:29 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Documents\The Lord of the Rings Online
2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\ApplicationHistory
2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\ApplicationHistory
2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\AppData\Local\ApplicationHistory
2012-06-09 22:28 - 2012-06-09 22:22 - 00000000 ____D C:\Users\Hannah\Application Data\Mozilla
2012-06-09 22:28 - 2012-06-09 22:22 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Mozilla
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\The Lord of the Rings Online
2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\AppData\Local\The Lord of the Rings Online
2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Turbine
2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Turbine
2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\AppData\Local\Turbine
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\Application Data\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\AppData\Local\fusioncache.dat
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ApplicationHistory
2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
2012-06-09 22:05 - 2012-06-09 22:05 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2012-06-09 22:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2012-06-09 22:01 - 2012-06-09 22:00 - 09067083 ____A C:\Users\Hannah\Downloads\Soartex Fanver.zip
2012-06-09 21:58 - 2012-06-09 21:58 - 01440341 ____A C:\Users\Hannah\Downloads\soartex1.2.5.zip
2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\Application Data\Trine2
2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Trine2
2012-06-09 19:50 - 2012-06-09 19:50 - 00000210 ____A C:\Users\Ben\Desktop\The Lord of the Rings Online.url
2012-06-09 19:50 - 2011-08-17 17:59 - 00000000 ____D C:\Users\Ben\My Documents\Outlook Files
2012-06-09 19:50 - 2011-08-17 17:59 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
2012-06-09 12:11 - 2011-08-17 16:36 - 00000000 ____D C:\Users\Andy\My Documents\Travel
2012-06-09 12:11 - 2011-08-17 16:36 - 00000000 ____D C:\Users\Andy\Documents\Travel
2012-06-09 12:10 - 2009-07-14 07:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 21:53 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Application Data\Skype
2012-06-08 21:53 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2012-06-08 21:53 - 2010-09-28 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-06 22:48 - 2012-06-06 22:48 - 00000197 ____A C:\Users\Hannah\Desktop\Portal First Slice.url
2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\Application Data\Trine2
2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Trine2
2012-06-06 21:56 - 2010-09-28 15:21 - 00101378 ____A C:\Windows\DirectX.log
2012-06-06 21:51 - 2012-06-06 21:51 - 00000194 ____A C:\Users\Hannah\Desktop\Trine 2 Demo.url
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Adobe
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Adobe
2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\AppData\Local\Adobe
2012-06-06 17:37 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Application Data\Adobe
2012-06-06 17:37 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\AppData\Roaming\Adobe
2012-06-06 17:37 - 2011-08-22 16:22 - 00000000 ____D C:\Users\Lucy\AppData\LocalLow
2012-06-06 17:12 - 2012-06-06 17:12 - 01007734 ____A C:\Users\Ben\Downloads\LightCraft by Skalander97.zip
2012-06-06 15:01 - 2012-06-06 15:00 - 05356584 ____A (Code Laboratories, Inc.) C:\Users\Andy\Downloads\CL-Eye-Driver-5.0.1.0528 (1).exe
2012-06-06 15:01 - 2012-06-06 14:37 - 00001236 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
2012-06-06 09:37 - 2012-06-06 09:37 - 00015948 ____A C:\Users\Hannah\Downloads\hs_err_pid99584.log
2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\LogMeIn Hamachi
2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Application Data\LogMeIn Hamachi
2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Local\LogMeIn Hamachi
2012-06-04 22:11 - 2011-08-20 12:08 - 00000000 ____D C:\HDW30_TMP
2012-06-03 19:42 - 2011-10-04 21:29 - 00000000 ____D C:\Users\Sam.Desktop\Tracing
2012-06-03 08:42 - 2012-06-03 08:41 - 08386590 ____A C:\Users\Ben\Downloads\Soartex Fanver.zip
2012-06-02 23:37 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Finance
2012-06-02 23:37 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Finance
2012-06-02 21:26 - 2012-06-02 21:26 - 00084993 ____A C:\Users\Ben\Downloads\Dynamic Lights 1.2.4.zip
2012-05-30 22:46 - 2012-05-30 22:46 - 00001807 ____A C:\Users\Hannah\Downloads\sketch (1).png
2012-05-30 22:43 - 2012-05-30 22:43 - 00002022 ____A C:\Users\Hannah\Downloads\sketch.png
2012-05-30 18:27 - 2012-05-30 18:27 - 00013146 ____A C:\Users\Ben\Downloads\hs_err_pid24560.log
2012-05-30 18:20 - 2012-05-30 18:19 - 05938896 ____A C:\Users\Ben\Downloads\MAtmos__1_2_4_r12__WithWeaponInteractions.zip
2012-05-29 20:45 - 2012-05-29 20:44 - 00002122 ____A C:\Users\Ben\Downloads\sketch.png
2012-05-29 18:12 - 2012-05-29 18:12 - 00000221 ____A C:\Users\Ben\Desktop\AI War Fleet Command - Demo.url
2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-29 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-29 17:07 - 2012-05-29 17:07 - 00000222 ____A C:\Users\Ben\Desktop\Age of Empires Online.url
2012-05-29 07:36 - 2012-05-29 07:36 - 00067464 ____A C:\Windows\System32\CLEyeDevices.dll
2012-05-28 22:24 - 2012-05-28 22:24 - 01606656 ____A C:\Users\Hannah\Downloads\SteamInstall.msi
2012-05-28 22:24 - 2012-05-28 22:24 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-28 22:24 - 2011-08-22 16:25 - 00000000 ____D C:\users\Hannah
2012-05-28 22:16 - 2012-05-28 22:16 - 01653839 ____A C:\Users\Hannah\Downloads\Shaders-Windows.zip
2012-05-26 18:59 - 2012-05-26 18:59 - 00105478 ____A C:\Users\Ben\Downloads\[1.2.5] Cheat Pack 1.5 #2 Singleplayer.zip
2012-05-26 18:54 - 2012-05-26 18:54 - 00109228 ____A C:\Users\Ben\Downloads\Minecraft 1.2.5 Singleplayer Cheat Pack.zip
2012-05-26 18:37 - 2012-05-26 18:37 - 00276586 ____A C:\Users\Ben\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
2012-05-26 14:24 - 2012-05-26 14:24 - 00051131 ____A C:\Users\Ben\Downloads\TooManyItems2012_04_13_1.2.5.zip
2012-05-26 14:15 - 2012-05-26 14:14 - 43813068 ____A C:\Users\Ben\Downloads\Spatial Distortion.zip
2012-05-26 12:22 - 2012-05-26 12:20 - 69677540 ____A C:\Users\Ben\Downloads\The Minecraft Files217.zip
2012-05-26 10:35 - 2012-05-26 10:35 - 00649502 ____A C:\Users\Ben\Downloads\Yay-Toast-Pack-125upgrade.zip
2012-05-26 10:17 - 2010-09-29 00:06 - 00062164 ____A C:\Windows\PFRO.log
2012-05-24 20:06 - 2012-04-17 20:12 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-24 20:06 - 2011-08-18 07:25 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-20 16:24 - 2012-05-20 16:25 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3 - Copy.rar
2012-05-20 16:24 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3.rar
2012-05-20 15:48 - 2011-08-17 17:58 - 00000000 ____D C:\Users\Ben\My Documents\Bens blog
2012-05-20 15:48 - 2011-08-17 17:58 - 00000000 ____D C:\Users\Ben\Documents\Bens blog
2012-05-20 09:38 - 2012-05-20 09:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-20 09:37 - 2012-05-20 09:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 22:54 - 2012-05-19 22:54 - 00240023 ____A C:\Users\Hannah\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
2012-05-19 22:01 - 2012-05-19 22:01 - 18220021 ____A C:\Users\Hannah\Downloads\Sphax PureBDCraft 128x.zip
2012-05-19 20:00 - 2012-05-19 19:59 - 19735526 ____A C:\Users\Ben\Downloads\MineLoL Texturepack Realistic 128x128.zip
2012-05-19 20:00 - 2012-05-19 19:59 - 11085411 ____A C:\Users\Ben\Downloads\Another Castle!.zip
2012-05-19 20:00 - 2012-05-19 19:58 - 33085073 ____A C:\Users\Ben\Downloads\WoW Pack 1.2.5.zip
2012-05-19 19:57 - 2012-05-19 19:57 - 02151082 ____A C:\Users\Ben\Downloads\Super-Mario.zip
2012-05-19 14:27 - 2012-05-19 14:27 - 01539265 ____A C:\Users\Ben\Downloads\mcpatcher-2.3.6.exe
2012-05-19 14:22 - 2012-05-19 14:22 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06 (1).zip
2012-05-19 14:21 - 2012-05-19 14:21 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
2012-05-18 19:52 - 2012-05-18 19:51 - 08688607 ____A C:\Users\Ben\Downloads\The Survival Games 2.zip
2012-05-16 21:50 - 2012-05-16 21:26 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\Skype
2012-05-16 21:50 - 2012-05-16 21:26 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\Skype
2012-05-16 21:29 - 2012-04-07 23:19 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\.minecraft
2012-05-16 21:29 - 2012-04-07 23:19 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\.minecraft
2012-05-12 12:42 - 2010-10-09 12:49 - 00032768 ____A C:\Users\Andy\My Documents\Internet IDs.doc
2012-05-12 12:42 - 2010-10-09 12:49 - 00032768 ____A C:\Users\Andy\Documents\Internet IDs.doc
2012-05-11 21:57 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Application Data\Adobe
2012-05-11 21:57 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2012-05-11 21:57 - 2011-08-17 17:55 - 00000000 ____D C:\Users\Ben\AppData\LocalLow
2012-05-10 04:26 - 2009-07-14 06:45 - 00465792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 04:25 - 2010-09-28 15:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 04:07 - 2011-10-11 20:27 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 04:00 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:39 - 2012-05-09 22:39 - 00015765 ____A C:\Users\Hannah\Downloads\hs_err_pid80632.log
2012-05-07 16:40 - 2012-05-07 16:19 - 01720320 ____A C:\Users\Sam.Desktop\My Documents\Aspirin.ppt
2012-05-07 16:40 - 2012-05-07 16:19 - 01720320 ____A C:\Users\Sam.Desktop\Documents\Aspirin.ppt
2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\Local Settings\Resmon.ResmonCfg
2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\Local Settings\Application Data\Resmon.ResmonCfg
2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\Local Settings\ElevatedDiagnostics
2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ElevatedDiagnostics
2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\AppData\Local\ElevatedDiagnostics
2012-05-05 12:42 - 2012-05-05 12:42 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 23:00 - 2012-05-04 23:00 - 00860753 ____A C:\Users\Hannah\Downloads\SimpleCraft.zip
2012-05-04 22:59 - 2012-05-04 22:59 - 02536937 ____A C:\Users\Hannah\Downloads\GoodMorningCraft.zip
2012-05-02 19:30 - 2012-05-02 19:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-02 19:30 - 2012-05-02 19:30 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-05-02 19:30 - 2011-08-17 17:25 - 00000000 ____D C:\Program Files\ATI Technologies
2012-04-30 02:53 - 2012-04-30 02:53 - 00930416 ____A C:\Windows\Minidump\043012-12714-01.dmp
2012-04-30 02:53 - 2012-03-03 18:55 - 00000000 ____D C:\Windows\Minidump
2012-04-30 02:53 - 2012-03-03 18:54 - 745417739 ____A C:\Windows\MEMORY.DMP
2012-04-29 22:15 - 2012-04-29 22:15 - 01188737 ____A C:\Users\Hannah\Downloads\faithful32pack.zip
2012-04-29 10:58 - 2011-09-11 10:57 - 00000000 ____D C:\Users\Public\Documents\THFC Rota
2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Adobe
2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\Local Settings\Adobe
2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\AppData\Local\Adobe
2012-04-27 22:31 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Application Data\Adobe
2012-04-27 22:31 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Adobe
2012-04-27 22:31 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\AppData\LocalLow
2012-04-26 18:44 - 2012-04-26 18:42 - 00000000 ____D C:\Users\Ben\Desktop\DeepSpaceTurtleChase_Client
2012-04-26 18:43 - 2012-01-27 20:32 - 00000000 ____D C:\Users\Andy\Application Data\.minecraft
2012-04-26 18:43 - 2012-01-27 20:32 - 00000000 ____D C:\Users\Andy\AppData\Roaming\.minecraft
2012-04-26 18:36 - 2012-04-18 21:45 - 00000000 ____D C:\Users\Ben\Desktop\world
2012-04-26 18:33 - 2012-03-18 20:37 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Local Settings\Google
2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Google
2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\AppData\Local\Google
2012-04-23 22:00 - 2012-04-22 23:00 - 01129749 ____A C:\Users\Hannah\Downloads\2012-04-22_21.59.04.png
2012-04-22 21:39 - 2012-04-22 21:33 - 06524348 ____A C:\Users\Hannah\Downloads\DeepSpaceTurtleChase.zip
2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Local Settings\PMB Files
2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\PMB Files
2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\AppData\Local\PMB Files
2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\My Documents\LOTRO Standard Res Install Files EN
2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Documents\LOTRO Standard Res Install Files EN
2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-04-21 15:21 - 2012-04-21 15:21 - 00026472 ____A C:\Users\Ben\Desktop\ModLoaderMP 1.2.5 v1.zip
2012-04-18 21:56 - 2012-04-18 21:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 21:56 - 2012-04-18 21:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-15 18:23 - 2012-04-15 18:23 - 00000000 ____D C:\Users\Ben\Desktop\Player API
2012-04-15 18:22 - 2012-04-15 18:22 - 00000000 ____D C:\Users\Ben\Desktop\Too Many Items
2012-04-15 18:21 - 2012-04-15 18:21 - 00000000 ____D C:\Users\Ben\Desktop\Smart Moving
2012-04-15 18:21 - 2012-04-15 18:20 - 00000000 ____D C:\Users\Ben\Desktop\Modloader
2012-04-15 18:19 - 2012-04-15 18:19 - 00000000 ____D C:\Users\Ben\Desktop\Server Map version 1
2012-04-15 18:18 - 2012-04-15 18:01 - 00000000 ____D C:\Users\Ben\Desktop\Server Map-
2012-04-12 04:03 - 2009-07-14 04:34 - 00000540 ____A C:\Windows\win.ini
2012-04-09 19:25 - 2012-04-09 19:25 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2012-04-07 23:40 - 2012-04-07 23:40 - 00024848 ____A C:\Users\Sam.Desktop\My Documents\wow.docx
2012-04-07 23:40 - 2012-04-07 23:40 - 00024848 ____A C:\Users\Sam.Desktop\Documents\wow.docx
2012-04-07 23:40 - 2012-04-07 23:40 - 00000162 ___AH C:\Users\Sam.Desktop\My Documents\~$wow.docx
2012-04-07 23:40 - 2012-04-07 23:40 - 00000162 ___AH C:\Users\Sam.Desktop\Documents\~$wow.docx
2012-04-07 23:33 - 2012-04-07 23:33 - 00278561 ____A C:\Users\Sam.Desktop\Downloads\Minecraft.exe
2012-04-07 23:22 - 2012-04-07 23:22 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\WinRAR
2012-04-07 23:22 - 2012-04-07 23:22 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\WinRAR
2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Google
2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Application Data\Google
2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Local\Google
2012-04-07 21:45 - 2012-04-07 21:44 - 05542229 ____A C:\Users\Hannah\Downloads\Assassins Creep (1).zip
2012-04-07 21:45 - 2012-03-23 23:03 - 06516034 ____A C:\Users\Hannah\Downloads\AI_Pack_16x16_v124.zip
2012-04-07 21:42 - 2012-04-07 21:42 - 00876555 ____A C:\Users\Hannah\Downloads\Assassini~Costruttori_v2.0_Assassin version.zip
2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Local Settings\Google
2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\Google
2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2012-04-06 22:24 - 2012-04-06 22:22 - 39225864 ____A C:\Users\Hannah\Downloads\Misa412.zip
2012-04-06 07:22 - 2012-04-06 07:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-06 04:23 - 2012-04-06 04:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-06 04:23 - 2012-04-06 04:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-06 04:22 - 2012-04-06 04:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-06 04:21 - 2011-07-28 23:40 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-06 04:20 - 2010-09-29 00:51 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-06 04:16 - 2012-04-06 04:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-06 04:16 - 2012-04-06 04:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-06 04:16 - 2011-07-28 23:36 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-06 04:14 - 2012-04-06 04:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-06 04:14 - 2012-04-06 04:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-06 04:14 - 2012-04-06 04:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-06 04:14 - 2012-04-06 04:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-06 04:13 - 2011-07-28 23:30 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-06 04:10 - 2012-04-06 04:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-06 04:00 - 2010-09-29 00:51 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-06 03:54 - 2010-09-29 00:51 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-06 03:50 - 2012-04-06 03:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-06 03:35 - 2012-04-06 03:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-06 03:34 - 2012-04-06 03:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-06 03:34 - 2010-09-29 00:51 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-06 03:34 - 2010-09-29 00:51 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-06 03:30 - 2012-04-06 03:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-06 03:30 - 2012-04-06 03:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-06 03:30 - 2012-04-06 03:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-06 03:30 - 2012-04-06 03:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-06 03:29 - 2012-04-06 03:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-06 03:29 - 2012-04-06 03:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-06 03:25 - 2012-04-06 03:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-06 03:23 - 2010-09-29 00:51 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-06 03:22 - 2010-09-29 00:51 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-06 03:21 - 2012-04-06 03:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-06 03:11 - 2012-04-06 03:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-06 03:11 - 2012-04-06 03:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-06 03:11 - 2012-04-06 03:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-06 03:11 - 2012-04-06 03:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-06 03:11 - 2012-04-06 03:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-06 03:11 - 2011-07-28 22:54 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-06 03:10 - 2012-04-06 03:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-06 03:10 - 2012-04-06 03:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-06 03:09 - 2012-04-06 03:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-06 03:09 - 2011-10-26 03:21 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-06 03:09 - 2011-07-28 22:53 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-06 03:09 - 2010-09-29 00:51 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-06 03:09 - 2010-09-29 00:51 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-06 03:06 - 2012-04-06 03:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-06 03:06 - 2012-04-06 03:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-06 03:06 - 2012-04-06 03:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-06 03:06 - 2012-04-06 03:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 23:34 - 2012-04-05 23:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 23:34 - 2012-04-05 23:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 23:34 - 2012-04-05 23:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 23:33 - 2012-04-05 23:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 23:33 - 2012-04-05 23:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 23:33 - 2012-04-05 23:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 23:32 - 2012-04-05 23:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-04 18:10 - 2012-04-04 18:10 - 00000000 ____D C:\Users\Andy\Application Data\TuneUp Software
2012-04-04 18:10 - 2012-04-04 18:10 - 00000000 ____D C:\Users\Andy\AppData\Roaming\TuneUp Software
2012-04-04 09:09 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Application Data\Adobe
2012-04-04 09:09 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Adobe
2012-04-03 22:58 - 2012-04-03 22:57 - 02104188 ____A C:\Users\Hannah\Downloads\SkyBlock2.1 (1).zip
2012-04-01 22:07 - 2012-04-01 22:07 - 00024174 ____A C:\Users\Hannah\Downloads\Arrows Mod.zip
2012-04-01 22:05 - 2012-04-01 22:05 - 00694792 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Smart Moving 7.5 (1).zip
2012-04-01 22:05 - 2012-04-01 22:05 - 00083847 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Player API client 1.0 (1).zip
2012-04-01 22:03 - 2012-04-01 22:03 - 00107814 ____A C:\Users\Hannah\Downloads\ModLoader (3).zip
2012-04-01 22:02 - 2012-04-01 22:00 - 01488305 ____A C:\Users\Hannah\Downloads\mcpatcher-2.3.5_01.exe
2012-04-01 21:48 - 2012-04-01 21:48 - 00694792 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Smart Moving 7.5.zip
2012-04-01 21:48 - 2012-04-01 21:48 - 00694792 ____A C:\Users\Hannah\Desktop\MC 1.2.4 - Smart Moving 7.5.zip
2012-04-01 21:44 - 2012-04-01 21:44 - 00083847 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Player API client 1.0.zip
2012-04-01 21:44 - 2012-04-01 21:44 - 00083847 ____A C:\Users\Hannah\Desktop\MC 1.2.4 - Player API client 1.0.zip
2012-04-01 15:46 - 2012-04-01 15:46 - 00000000 ____D C:\Users\Ben\My Documents\Backup
2012-04-01 15:46 - 2012-04-01 15:46 - 00000000 ____D C:\Users\Ben\Documents\Backup
2012-03-31 10:58 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Misc
2012-03-31 10:58 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Misc
2012-03-31 08:05 - 2012-05-09 19:45 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 06:39 - 2012-05-09 19:45 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 06:39 - 2012-05-09 19:45 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 05:10 - 2012-05-09 19:45 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 13:35 - 2012-05-09 19:44 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 11:34 - 2012-03-29 11:34 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 11:34 - 2012-03-29 11:33 - 00000000 ____D C:\Program Files\iTunes
2012-03-29 11:34 - 2011-12-26 08:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 11:33 - 2012-03-29 11:33 - 00000000 ____D C:\Program Files\iPod
2012-03-27 21:53 - 2012-03-27 21:53 - 00737719 ____A C:\Users\Hannah\Downloads\ATs-RPGish_1774854.zip
2012-03-27 21:51 - 2012-03-27 21:51 - 00504942 ____A C:\Users\Hannah\Downloads\eldpack_v3.8a.zip
2012-03-27 21:48 - 2012-03-27 21:48 - 00710622 ____A C:\Users\Hannah\Downloads\Mordeny-Craft.zip
2012-03-27 21:29 - 2012-03-27 21:29 - 05542229 ____A C:\Users\Hannah\Downloads\Assassins Creep.zip
2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\Local Settings\VirtualStore
2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\VirtualStore
2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\AppData\Local\VirtualStore
2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Local Settings\Google
2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Google
2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\AppData\Local\Google
2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\Local Settings\Google
2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\Google
2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\AppData\Local\Google
2012-03-24 09:54 - 2011-08-18 07:25 - 00000000 ____D C:\Program Files (x86)\Google
2012-03-24 09:53 - 2012-03-24 09:53 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-03-24 09:53 - 2011-11-13 20:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\Adobe
2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\Local Settings\Adobe
2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
2012-03-24 09:46 - 2012-03-24 09:46 - 00208478 ____A C:\Users\Andy\Downloads\YourBTbill_18032012.pdf
2012-03-21 21:28 - 2012-03-19 09:02 - 00001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-03-20 23:27 - 2012-03-20 23:27 - 00015769 ____A C:\Users\Hannah\Downloads\hs_err_pid79448.log
2012-03-20 21:44 - 2012-03-20 21:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 21:44 - 2012-03-20 21:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-19 09:02 - 2012-03-19 09:02 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-03-18 20:39 - 2012-03-18 20:35 - 00001054 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-03-17 09:58 - 2012-05-09 19:44 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 22:26 - 2012-03-16 22:26 - 00017321 ____A C:\Users\Hannah\Desktop\hs_err_pid25624.log
2012-03-16 22:24 - 2012-03-16 22:24 - 02342228 ____A C:\Users\Hannah\Downloads\Mine Wars.zip
ZeroAccess:
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\@
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\L
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\n
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\00000001.@
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\80000000.@
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\800000cb.@
ZeroAccess:
C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\@
C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\L
C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 9%
Total physical RAM: 8151.08 MB
Available physical RAM: 7350.7 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7346.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:920.52 GB) (Free:594.83 GB) NTFS
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive g: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.41 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3824 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 117 MB 31 KB
Partition 2 Primary 10 GB 118 MB
Partition 3 Primary 920 GB 10 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT32 Partition 117 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 G RECOVERY NTFS Partition 10 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 920 GB Healthy
======================================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB
======================================================================================================
Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 F FAT32 Removable 3823 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-08 01:59
======================= End Of Log ==========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
Farbar Recovery Scan Tool Version: 12-06-2012 02
Ran by SYSTEM at 2012-06-13 22:25:05
Running from F:\
================== Search: "services.exe" ===================
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt
    529 bytes · Views: 7
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 2012-06-13 22:52:09 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428} moved successfully.
C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428} moved successfully.
C:\Users\Andy\Local Settings\Application Data\{4d7d91c5-6b57-a2d8-28ea-88014306e428} not found.
C:\Users\Andy\Local Settings\{4d7d91c5-6b57-a2d8-28ea-88014306e428} not found.
C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe
==== End of Fixlog ====
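
The check this exchange relies on, as an added example that is not part of the original thread or of FRST itself: parse the FRST lines quoted above, list the files the check did not mark "MD5 is legit", and compare the live copy of a file with its WinSxS copy. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Sample input: lines copied from the FRST logs quoted in this thread.
INTEGRITY_SECTION = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
"""
SEARCH_SECTION = r"""
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_records(text):
    """Return one dict per file: path, whitelisted flag, detail fields if listed."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        detail = DETAIL.match(line)
        if detail and pending is not None:
            # A detail line belongs to the path line printed just before it.
            pending.update(detail.groupdict(),
                           size=int(detail["size"]),
                           md5=detail["md5"].upper())
            pending = None
        elif PATH.match(line):
            path, sep, verdict = line.partition(" => ")
            record = {"path": path, "whitelisted": verdict == "MD5 is legit"}
            records.append(record)
            # Only a path without a verdict is followed by a detail line.
            pending = None if sep else record
    return records


def unverified(records):
    """Files the integrity check listed without the 'MD5 is legit' verdict."""
    return [r for r in records if not r["whitelisted"]]


def is_store_copy(path):
    return "\\winsxs\\" in path.lower()


def store_mismatches(records):
    """Compare each live copy with same-named WinSxS copies by MD5."""
    by_name = defaultdict(list)
    for r in records:
        if "md5" in r:
            by_name[basename(r["path"]).lower()].append(r)
    findings = []
    for name, group in by_name.items():
        store = [r for r in group if is_store_copy(r["path"])]
        live = [r for r in group if not is_store_copy(r["path"])]
        for l in live:
            for s in store:
                if l["md5"] == s["md5"]:
                    continue
                # WinSxS can hold several versions of a file, so a different
                # hash alone is not conclusive. Identical size and timestamps
                # with a different hash means the content changed in place.
                same_meta = all(l[k] == s[k]
                                for k in ("size", "created", "modified"))
                findings.append({"file": name,
                                 "live_path": l["path"], "live_md5": l["md5"],
                                 "store_path": s["path"], "store_md5": s["md5"],
                                 "same_metadata": same_meta})
    return findings


if __name__ == "__main__":
    for r in unverified(parse_records(INTEGRITY_SECTION)):
        print("not whitelisted:", r["path"], r.get("md5"))
    for f in store_mismatches(parse_records(SEARCH_SECTION)):
        print("hash differs from WinSxS copy:", f["live_path"],
              "(same size and timestamps)" if f["same_metadata"] else "")
```
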
 
Booted up OK. I am not getting the Windows critical error which makes the pc shut down after 60 seconds. I notice that the shortcut that the trojan placed on the desktop called "Live Security Platinum" is still there.

Thanks for your help Broni so far - what should I do next?
 
Good news :)

We'll run some more scans to make sure you're clean.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks
When I was copying Combofix across to my desktop, at that time Malwarebyte Antimalware popped up on screen saying it had found a Live Security Platinum related file, so I quarantined it. I ran Combofix but realised that although I had disabled MSE real time protection I had not disabled Malwarebyte Antimalware - should I repeat the exercise because of this? If there is no need, here is the log report from Combofix.

(I had to reboot the computer in order to be able to access MSE to recommence real time protection)

Here is the text file

ComboFix 12-06-13.05 - Andy 14/06/2012 7:05.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8151.6375 [GMT 1:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{01009237-08E6-4922-A8F1-235AC9600873}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1F28F8B3-CA4A-4EE3-87DA-CB9B3C55112C}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3B4F0E1A-13B3-4472-B6E4-4DAA800916AE}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4136B49F-952C-4124-AA48-4C5A6F7998F0}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71EBD970-4104-4712-AF5D-479FDFDAAC50}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85248271-9984-4BF0-9291-FDA96363FF01}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{866F6130-1FBD-46CB-B849-65E04EB05758}.xps
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E3B626CB-7171-46E2-91E4-EE3A3E953700}.xps
c:\users\Ben\Desktop\Live Security Platinum.lnk
c:\users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{558F97AE-F6E1-4930-BF45-36D8791FA52B}.xps
c:\users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BC531439-64B9-476A-A325-887D733CD6D8}.xps
c:\users\Hannah\Desktop\Live Security Platinum.lnk
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1BD477E2-E9B4-484F-B878-EDF333EB4541}.xps
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5838D53E-447A-4CE5-BBD9-A4238DEE7282}.xps
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{61B67FDA-C206-4C41-9FC3-44B0CEFD17A4}.xps
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F551517-8402-4662-84AF-A2AD72387D47}.xps
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83234A8B-0B44-41FA-8D57-C9BD88804BD4}.xps
c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B0840368-47E3-4E35-AB8E-DDA01FEF4B68}.xps
c:\users\Lucy\Desktop\Live Security Platinum.lnk
c:\users\Sam.Desktop\Desktop\Live Security Platinum.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Lucy\AppData\Local\temp
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Sam\AppData\Local\temp
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Sam.Desktop\AppData\Local\temp
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-06-13 22:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:53 . 2012-06-13 14:53 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2012-06-13 14:52 . 2012-06-13 14:52 -------- d-----w- c:\programdata\Malwarebytes
2012-06-13 14:52 . 2012-06-13 14:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-13 14:52 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:21 . 2012-06-13 13:22 -------- d-----w- C:\FRST
2012-06-13 09:35 . 2012-06-13 09:35 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC54E5DE-B28E-421C-8E72-FA2CBA866FBC}\gapaengine.dll
2012-06-13 09:35 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A0CD9DF-3837-450E-A1B7-35B290F476F7}\mpengine.dll
2012-06-13 09:35 . 2012-06-13 09:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-13 09:35 . 2012-06-13 09:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-13 09:22 . 2012-06-13 09:26 -------- d-----w- c:\programdata\99058D6500006F4E00037C80B4EB2367
2012-06-13 09:20 . 2012-06-13 10:04 -------- d-----w- c:\program files (x86)\Common Files\PSFactoryBuffer
2012-06-10 19:27 . 2012-06-10 19:27 -------- d-----w- c:\users\Ben\AppData\Roaming\ClonesDemo
2012-06-10 19:27 . 2012-06-10 19:27 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-10 19:27 . 2012-06-10 19:27 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-10 19:27 . 2012-06-10 19:27 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-10 19:27 . 2012-06-10 19:27 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-10 19:27 . 2012-06-10 19:27 -------- d-----w- c:\program files (x86)\OpenAL
2012-06-10 16:37 . 2012-06-10 16:37 -------- d-----w- c:\users\Ben\AppData\Roaming\pymclevel
2012-06-09 20:21 . 2012-06-09 20:21 -------- d-----w- c:\users\Hannah\AppData\Local\The Lord of the Rings Online
2012-06-09 20:17 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-06-09 20:17 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-06-09 20:06 . 2012-06-09 20:18 -------- d-----w- c:\users\Hannah\AppData\Local\Turbine
2012-06-09 20:06 . 2012-06-09 20:29 -------- d-----w- c:\users\Hannah\AppData\Local\ApplicationHistory
2012-06-09 20:06 . 2012-06-09 20:06 -------- d-----w- c:\users\Andy\AppData\Local\ApplicationHistory
2012-06-09 20:05 . 2012-06-09 20:05 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-09 20:05 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-06-09 18:09 . 2012-06-09 18:09 -------- d-----w- c:\users\Ben\AppData\Roaming\Trine2
2012-06-06 19:57 . 2012-06-06 19:57 -------- d-----w- c:\users\Hannah\AppData\Roaming\Trine2
2012-06-06 19:56 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-06-06 19:56 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2012-06-06 19:56 . 2007-04-04 17:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2012-06-06 15:37 . 2012-06-06 15:37 -------- d-----w- c:\users\Lucy\AppData\Local\Adobe
2012-06-06 12:37 . 2012-06-06 12:37 -------- d-----w- c:\program files (x86)\Code Laboratories
2012-05-29 15:17 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-05-29 15:17 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-05-29 15:17 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-05-29 15:17 . 2012-05-29 15:17 -------- d-----w- c:\windows\SysWow64\xlive
2012-05-29 15:17 . 2012-05-29 15:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-05-29 15:15 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-05-29 15:15 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-05-29 15:15 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-05-29 15:15 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-05-29 15:15 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-05-29 15:15 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-05-29 05:36 . 2012-05-29 05:36 67464 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-05-28 20:24 . 2012-05-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-28 20:24 . 2012-06-12 19:59 -------- d-----w- c:\program files (x86)\Steam
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-20 07:37 . 2012-05-20 07:38 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-16 19:26 . 2012-05-16 19:50 -------- d-----w- c:\users\Sam.Desktop\AppData\Roaming\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 18:06 . 2012-04-17 18:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 18:06 . 2011-08-18 05:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:42 . 2012-05-05 10:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-07-28 21:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-09-28 22:51 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2011-07-28 21:36 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-07-28 21:30 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-09-28 22:51 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-09-28 22:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2010-09-28 22:51 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2010-09-28 22:51 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2010-09-28 22:51 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2010-09-28 22:51 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2011-07-28 20:54 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-09-28 22:51 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-07-28 20:53 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-10-26 01:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2010-09-28 22:51 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-30 11:35 . 2012-05-09 17:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-09 17:44 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files (x86)\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Productivity_3.1\prxtbProd.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 21:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files (x86)\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-18 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-13 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-27 75048]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-08-17 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Sam.Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-17 292240]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2010/09/28 15:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 18:06]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 05:25]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 05:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-14 07:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-14 06:19
.
Pre-Run: 651,508,965,376 bytes free
Post-Run: 656,462,860,288 bytes free
.
- - End Of File - - EE004F240D2AFBAFE751DAC4746DF623
 
This method worked, you are a genius.
Thanks a lot, I used the same fix.txt file and it worked.
I thought I would wipe everything on my computer or put it in the bin.
Thanks again
 
Thank you mihai :)

========================================================

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=====================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
OK thanks Broni, I will need to do this at the weekend as I'm snowed under at work at the moment - will post reply as soon as I can - really appreciate your support with this.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.17.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andy :: DESKTOP [administrator]
Protection: Enabled
17/06/2012 20:31:47
mbam-log-2012-06-17 (20-31-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355553
Time elapsed: 4 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Ben\Local Settings\lluyfv.exe (Trojan.Agent.P3Xgen) -> Quarantined and deleted successfully.
C:\Users\Ben\Local Settings\Application Data\lluyfv.exe (Trojan.Agent.P3Xgen) -> Quarantined and deleted successfully.
(end)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 20:42:28
-----------------------------
20:42:28.026 OS Version: Windows x64 6.1.7601 Service Pack 1
20:42:28.026 Number of processors: 8 586 0x1E05
20:42:28.026 ComputerName: DESKTOP UserName: Andy
20:42:48.452 Initialize success
20:43:25.825 AVAST engine defs: 12061700
20:46:28.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
20:46:28.574 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
20:46:28.594 Disk 0 MBR read successfully
20:46:28.594 Disk 0 MBR scan
20:46:28.604 Disk 0 Windows 7 default MBR code
20:46:28.614 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 117 MB offset 63
20:46:28.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 241664
20:46:28.664 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942608 MB offset 23060480
20:46:28.724 Disk 0 scanning C:\Windows\system32\drivers
20:46:42.975 Service scanning
20:47:08.780 Modules scanning
20:47:08.790 Disk 0 trace - called modules:
20:47:08.870 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
20:47:09.210 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dcb790]
20:47:09.220 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b01050]
20:47:12.680 AVAST engine scan C:\Windows
20:47:23.901 AVAST engine scan C:\Windows\system32
20:51:45.709 AVAST engine scan C:\Windows\system32\drivers
20:51:59.747 AVAST engine scan C:\Users\Andy
21:15:13.270 AVAST engine scan C:\ProgramData
21:16:37.323 Scan finished successfully
21:37:50.129 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
21:37:50.176 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"
 
How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 6/18/2012 7:10:25 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.85% Memory free
15.92 Gb Paging File | 13.05 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.52 Gb Total Space | 610.34 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive D: | 4.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 833.86 Gb Total Space | 285.40 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 49.98 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
Drive L: | 14.87 Gb Total Space | 0.23 Gb Free Space | 1.56% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/17 16:51:42 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/15 18:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010/04/27 03:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 12:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/07/17 15:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:26:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 03:26:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:25:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:25:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 03:31:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 03:31:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 03:29:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:29:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:29:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:29:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:29:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:29:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:28:59 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/28 21:25:08 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/24 19:06:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/28 14:26:39 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/26 17:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/26 10:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 14:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/01/29 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 09:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{68ECD579-BBC5-4349-AEC2-1D28AB4E2870}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{500DBB15-4777-4EDD-A707-8650DD9CB252}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...10482&mntrId=18a90484000000000000842b2b9a50b6
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{0FB25D2A-22FB-4ECD-8628-31270E0DDEA0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB445
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9ED2E1A9-CF3E-4C56-9A70-BA8F160B7DDB&
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{F33759E6-7E3D-463C-A080-C8B4A77CD83E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2012/03/04 16:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions
[2011/09/03 14:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/09/03 14:12:11 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: General Crawler = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\

O1 HOSTS File: ([2012/06/14 07:13:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (Productivity 3.1 Toolbar) - {9427041A-A8DC-4D06-9A68-93873486E957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-63198334-734529218-994976-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-63198334-734529218-994976-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Sam.Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/btwebcontrol028.cab (webhelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE00AA7-E80F-49A6-B1FB-252AFD6A4489}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/10 18:38:30 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 18:05:04 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 07:08:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012/06/17 20:38:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
[2012/06/14 07:23:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/14 07:19:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/14 07:00:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/14 07:00:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/14 07:00:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/14 07:00:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/14 07:00:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/14 06:59:37 | 004,557,245 | R--- | C] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
[2012/06/13 15:53:04 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2012/06/13 15:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 15:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/13 15:52:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/13 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 14:21:03 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/13 10:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/13 10:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/13 10:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D6500006F4E00037C80B4EB2367
[2012/06/13 10:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PSFactoryBuffer
[2012/06/10 20:27:46 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/06/10 20:27:46 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/06/10 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/06/09 21:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ApplicationHistory
[2012/06/09 21:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/06/06 13:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
[2012/06/06 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Code Laboratories
[2012/05/29 16:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/05/29 16:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/05/29 16:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/05/28 21:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/05/28 21:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/05/28 21:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/05/20 08:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/20 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012/06/18 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/18 06:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 05:11:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 21:37:50 | 000,000,512 | ---- | M] () -- C:\Users\Andy\Desktop\MBR.dat
[2012/06/17 21:33:41 | 000,000,372 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/06/17 20:48:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:48:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:42:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 20:39:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 20:38:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
[2012/06/17 18:08:22 | 000,743,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 18:08:22 | 000,639,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 18:08:22 | 000,115,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 07:13:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/14 06:55:24 | 004,557,245 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
[2012/06/14 03:22:48 | 000,465,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 15:53:00 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 10:35:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/13 10:35:21 | 000,749,064 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/11 19:28:32 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/10 20:27:46 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/06/10 20:27:46 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/06/06 14:01:52 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/06/06 13:37:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/29 06:36:40 | 000,067,464 | ---- | M] () -- C:\Windows\SysNative\CLEyeDevices.dll
[2012/05/28 21:24:46 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/05/20 08:37:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/06/17 21:37:50 | 000,000,512 | ---- | C] () -- C:\Users\Andy\Desktop\MBR.dat
[2012/06/14 07:00:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/14 07:00:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/14 07:00:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/14 07:00:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/14 07:00:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/13 15:53:00 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 10:35:22 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/06 13:37:53 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/06/06 13:37:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/29 16:17:00 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/05/29 06:36:40 | 000,067,464 | ---- | C] () -- C:\Windows\SysNative\CLEyeDevices.dll
[2012/05/28 21:24:46 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/05/20 08:37:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/05 21:11:58 | 000,007,607 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/02 00:04:36 | 000,749,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/25 21:13:59 | 000,000,618 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/03 14:36:40 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/08/31 13:39:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/17 19:01:30 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/17 16:50:55 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/09/28 23:07:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/28 14:27:18 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/09/28 14:27:18 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/09/28 14:27:18 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/09/28 14:27:15 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/28 14:27:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== LOP Check ==========

[2012/04/26 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\.minecraft
[2011/09/25 17:53:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Amazon
[2012/03/04 16:08:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Babylon
[2011/08/24 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\BSD
[2011/09/03 14:27:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Canon
[2012/01/01 09:33:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoft
[2012/01/01 09:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/11 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Finder
[2011/08/17 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PCDr
[2011/09/03 14:36:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ScanSoft
[2011/11/09 11:41:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Spotify
[2011/08/17 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TomTom
[2012/04/04 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TuneUp Software
[2011/08/24 12:43:54 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WindSolutions
[2012/06/17 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
[2012/06/10 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ClonesDemo
[2012/06/10 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\pymclevel
[2012/06/09 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Trine2
[2012/06/12 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\.minecraft
[2012/06/06 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Trine2
[2012/05/16 20:29:25 | 000,000,000 | ---D | M] -- C:\Users\Sam.Desktop\AppData\Roaming\.minecraft
[2012/06/13 10:52:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/14 07:19:09 | 000,033,123 | ---- | M] () -- C:\ComboFix.txt
[2010/09/28 23:59:23 | 000,004,986 | RH-- | M] () -- C:\dell.sdr
[2012/06/17 20:39:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 20:39:48 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
[2012/03/04 16:20:43 | 000,002,984 | ---- | M] () -- C:\user.js

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/10/11 19:43:42 | 000,000,221 | -HS- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/17 20:38:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
[2012/06/14 06:55:24 | 004,557,245 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
[2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/18 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 20:42:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 06:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 20:40:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/13 10:52:46 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 08:28:31 | 000,000,402 | -HS- | M] () -- C:\Users\Andy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/08/17 19:01:30 | 000,000,119 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >
< End of report >
 
OTL Extras logfile created on: 6/18/2012 7:10:25 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.85% Memory free
15.92 Gb Paging File | 13.05 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.52 Gb Total Space | 610.34 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive D: | 4.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 833.86 Gb Total Space | 285.40 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 49.98 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
Drive L: | 14.87 Gb Total Space | 0.23 Gb Free Space | 1.56% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{258E529E-5D6B-4DC6-9A88-9C8DBD6A4B58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2ED95CF4-5C54-4476-ADDF-0902D2A91470}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2903AAC5-C110-4D5A-9F69-20E20C5EC9A8}" = protocol=58 | dir=in | app=system |
"{34058832-C92C-4500-9031-3CD3D6CDCD74}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60E4FBEB-0BCA-4F74-9BF3-928268F39ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FCE00D3-2650-42EF-AEDA-E29BC15A4043}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{958C329B-BEE2-46E3-B972-FED54614F11C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{A2370AC4-F82A-4701-94C3-D62766896377}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{10A347CD-7777-4593-8F40-58FA2E6E50E0}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{544B2190-9201-404C-9AAD-19F02186B40A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{9433BD7A-43B8-4B37-AD04-C2BF9E7338A8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{2F4AC42C-3737-4A55-A9DC-01610E84C0E3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{563B3DE0-B6EC-4EAA-A2FA-99E3219231EC}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{A3C9A316-91BF-4C36-A890-A651F420460F}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{312B06EC-684D-24DF-0AB6-F66DC61193B5}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2CBB71EE-A4DD-4B4D-A635-608D8D1E6F81}" = Driver Tool
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D version 1.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BabylonToolbar" = Babylon toolbar on IE
"Canon MP970 series User Registration" = Canon MP970 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CL-Eye Driver" = CL-Eye Driver
"Dell Dock" = Dell Dock
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Productivity_3.1 Toolbar" = Productivity 3.1 Toolbar
"Steam App 105430" = Age of Empires Online
"Steam App 204260" = Trine 2 Demo
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 40410" = AI War: Fleet Command - Demo
"Steam App 410" = Portal: First Slice
"Steam App 72410" = Clones Demo
"TomTom HOME" = TomTom HOME 2.8.2.2264
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2012 9:32:41 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5507

Error - 5/15/2012 9:32:41 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5507

Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6506

Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6506

Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7504

Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7504

Error - 5/15/2012 9:44:38 AM | Computer Name = Desktop | Source = System Restore | ID = 8193
Description =

Error - 5/15/2012 12:30:52 PM | Computer Name = Desktop | Source = System Restore | ID = 8193
Description =

[ Dell Events ]
Error - 8/18/2011 8:06:06 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/18/2011 8:06:06 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/20/2011 9:25:28 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/5/2012 1:33:31 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 3:13:41 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 3:16:11 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 3:16:12 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 5:58:53 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 6:22:22 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 10:35:12 AM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 1:31:58 PM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 1:31:59 PM | Computer Name = Desktop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/5/2012 1:32:22 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >
 
Posted both text files above.

Just so you are aware while running the OTL program I did get a number of error boxes reading "There is no disk in the drive. Please insert a disk into drive\Device\Harddisk5\DR5" - (The number 5 was replaced with different numbers on different occasions). I believe that this error message relates to the card reader that I have built in to the pc and so continued the process and did not worry too much about that.

Generally the pc appears to be working well but appreciate we have not given it a clean bill of health just yet. It's loads better than it was last week thanks to your help.

Thanks for your continued support.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9ED2E1A9-CF3E-4C56-9A70-BA8F160B7DDB&
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
======================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andy
->Temp folder emptied: 220495855 bytes
->Temporary Internet Files folder emptied: 923140192 bytes
->Java cache emptied: 26275 bytes
->Google Chrome cache emptied: 6380849 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 45518 bytes

User: Ben
->Temp folder emptied: 5540433 bytes
->Temporary Internet Files folder emptied: 757902980 bytes
->Java cache emptied: 108571 bytes
->Google Chrome cache emptied: 372808364 bytes
->Flash cache emptied: 76337 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Hannah
->Temp folder emptied: 3651 bytes
->Temporary Internet Files folder emptied: 727167073 bytes
->Java cache emptied: 58743 bytes
->Google Chrome cache emptied: 6629894 bytes
->Flash cache emptied: 53382 bytes

User: Lucy
->Temp folder emptied: 730 bytes
->Temporary Internet Files folder emptied: 269378777 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 8111 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2654599 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Sam.Desktop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 271162225 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5901 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Desktop
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89174 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51654 bytes
RecycleBin emptied: 6134180926 bytes

Total Files Cleaned = 9,249.00 mb


[EMPTYJAVA]

User: All Users

User: Andy
->Java cache emptied: 0 bytes

User: Ben
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Hannah
->Java cache emptied: 0 bytes

User: Lucy
->Java cache emptied: 0 bytes

User: Public

User: Sam
->Java cache emptied: 0 bytes

User: Sam.Desktop
->Java cache emptied: 0 bytes

User: TEMP

User: TEMP.Desktop

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Andy
->Flash cache emptied: 0 bytes

User: Ben
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Hannah
->Flash cache emptied: 0 bytes

User: Lucy
->Flash cache emptied: 0 bytes

User: Public

User: Sam
->Flash cache emptied: 0 bytes

User: Sam.Desktop
->Flash cache emptied: 0 bytes

User: TEMP

User: TEMP.Desktop

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06192012_071228
Files\Folders moved on Reboot...
C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 19-06-2012
Ran by Andy (administrator) on 19-06-2012 at 07:28:01
Running from "C:\Users\Andy\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 