Posts posted by Paul_Lynch

  1. Ah yeah, when I copied and pasted it straight from above, it did it all in one line once it was in the OTL. Here's the log, thanks.

    All processes killed

    ========== OTL ==========

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.

    Registry value HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.

    HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.

    Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.

    Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

    HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

    HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

    C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

    C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

    File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.

    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.

    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.

    Registry value HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BfcQvyfn deleted successfully.

    C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe moved successfully.

    File move failed. C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe scheduled to be moved on reboot.

    Folder C:\Program Files (x86)\uTorrentControl2\ not found.

    C:\Program Files (x86)\Yontoo folder moved successfully.

    Folder C:\Program Files (x86)\uTorrent\ not found.

    C:\Users\Lynchy\AppData\Local\syjpmxpn folder moved successfully.

    File C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk not found.

    File C:\Users\Public\Desktop\µTorrent.lnk not found.

    File move failed. C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe scheduled to be moved on reboot.

    Folder C:\Users\Lynchy\AppData\Roaming\uTorrent\ not found.

    ========== FILES ==========

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Users\Lynchy\Desktop\cmd.bat deleted successfully.

    C:\Users\Lynchy\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========


    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    ->Flash cache emptied: 41620 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 0 bytes

    User: Lynchy

    ->Temp folder emptied: 5392078 bytes

    ->Temporary Internet Files folder emptied: 12033953 bytes

    ->Java cache emptied: 473736 bytes

    ->Flash cache emptied: 3374 bytes

    User: Public

    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 904066 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version log created on 07192012_171747

    Files\Folders moved on Reboot...

    C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe moved successfully.

    C:\Users\Lynchy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    File C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe not found!

    File C:\Users\Lynchy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...

  2. Hi there. I've copied the text into the box in the OTL but it keeps just rebooting straight away, then when the laptop comes back on there is this log:

    All processes killed

    Error: Unable to interpret <:OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mp3rocket/%7B2709E692-8504-43AB-958E-70A9147980B4IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=341e28f8000000000000e0915337f1cb&tlver= - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/mp3rocket/%7B86159C73-FD28-460B-B539-D7> in the current context!

    Error: Unable to interpret <EE9E15F789%7D?q={searchTermsIE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OypS80pF5&i=26IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;;<local>[2012/07/16 12:49:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}[2011/03/09 18:11:23 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xmlO2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) > in the current context!

    Error: Unable to interpret <- {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe ()O4 - Startup: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe ()[2012/07/16 12:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2[2012/07/16 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo[2012/07/16 12:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent[2012/07/08 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\syjpmxpn[2012/07/16 12:48:26 | 000,000,974 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer> in the current context!

    Error: Unable to interpret <\Quick Launch\µTorrent.lnk[2012/07/16 12:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk[2012/07/08 05:48:11 | 000,099,675 | --S- | M] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe[2012/07/17 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\uTorrent:filesipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

    OTL by OldTimer - Version log created on 07192012_001637

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  3. OTL logfile created on: 17/07/2012 21:52:58 - Run 1

    OTL by OldTimer - Version Folder = C:\Users\Lynchy\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.97 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 70.33% Memory free

    7.93 Gb Paging File | 6.01 Gb Available in Paging File | 75.77% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 290.04 Gb Total Space | 52.45 Gb Free Space | 18.08% Space Free | Partition Type: NTFS

    Computer Name: LYNCHY-PC | User Name: Lynchy | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/17 21:51:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe

    PRC - [2012/07/09 13:41:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    PRC - [2012/07/09 13:41:47 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

    PRC - [2012/05/29 03:46:28 | 000,932,528 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe

    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    PRC - [2010/12/09 11:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

    PRC - [2010/03/16 18:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe

    PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/07/09 13:41:49 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll

    MOD - [2012/07/09 13:41:47 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

    MOD - [2012/05/29 03:46:28 | 000,932,528 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2010/03/16 18:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe

    MOD - [2010/03/16 18:14:46 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\Media_DSG.dll

    MOD - [2009/11/17 18:21:06 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SoilIO.dll

    MOD - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    MOD - [2005/04/29 17:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2012/07/11 19:13:52 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

    SRV - [2012/07/11 18:27:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/07/09 13:41:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

    SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/10 03:38:17 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)

    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

    DRV:64bit: - [2011/11/29 12:23:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2011/02/17 20:45:26 | 000,867,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SPTD.SYS -- (sptd)

    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2010/05/26 19:00:00 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

    DRV:64bit: - [2010/05/21 19:36:30 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

    DRV:64bit: - [2010/02/25 12:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)

    DRV:64bit: - [2009/12/11 18:28:52 | 000,017,912 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SoilIO.sys -- (SoilIO)

    DRV:64bit: - [2009/12/03 11:04:16 | 000,013,304 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SoilMC.sys -- (SoilMC)

    DRV:64bit: - [2009/12/03 11:03:50 | 000,013,816 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Soilkbc.sys -- (soilkbc)

    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/06/08 08:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

    DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

    DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    DRV - [2009/06/08 07:57:40 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4}

    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=341e28f8000000000000e0915337f1cb&tlver=

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={070C34DE-7425-4BF1-84B2-AE4C6568450F}&mid=69d6a4936b7847d6a4361cb0cb3ba0fc-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-07-09 13:41:54&v={searchTerms}

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/mp3rocket/{86159C73-FD28-460B-B539-D7EE9E15F789}?q={searchTerms}

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OypS80pF5&i=26

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;;<local>

    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/09 13:40:23 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/09 13:40:24 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\\ [2012/07/09 13:42:03 | 000,000,000 | ---D | M]

    [2012/07/16 12:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions

    [2012/07/16 12:49:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

    [2012/07/16 12:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}.oldbackup

    [2012/01/15 14:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2011/03/09 18:11:23 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2012/07/17 12:55:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: localhost

    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll ()

    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll ()

    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.

    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.

    O3 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found

    O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()

    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [Akamai NetSession Interface] C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe ()

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [spotify Web Helper] C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()

    O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - Startup: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}: DhcpNameServer =

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2011/02/11 13:05:07 | 000,000,000 | ---D | M] - C:\Automatically Add to iTunes -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/17 21:51:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe

    [2012/07/17 13:02:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2012/07/17 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2012/07/16 21:08:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/07/16 21:08:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/07/16 21:08:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/07/16 21:08:50 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/07/16 21:08:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2012/07/16 21:08:00 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Lynchy\Desktop\ComboFix.exe

    [2012/07/16 15:21:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lynchy\Desktop\aswMBR.exe

    [2012/07/16 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Roaming\Malwarebytes

    [2012/07/16 15:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/07/16 15:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/07/16 15:05:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/07/16 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/07/16 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\Desktop\mbam-chameleon

    [2012/07/16 12:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2

    [2012/07/16 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo

    [2012/07/16 12:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

    [2012/07/16 12:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

    [2012/07/12 06:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

    [2012/07/12 06:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

    [2012/07/12 06:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2012/07/12 04:52:05 | 000,000,000 | ---D | C] -- C:\Windows\pss

    [2012/07/10 03:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

    [2012/07/09 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com

    [2012/07/09 21:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

    [2012/07/09 21:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

    [2012/07/09 21:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

    [2012/07/09 13:42:09 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\AVG Secure Search

    [2012/07/09 13:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

    [2012/07/09 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

    [2012/07/09 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search

    [2012/07/09 13:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    [2012/07/09 13:40:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

    [2012/07/08 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\syjpmxpn

    [2012/07/06 19:39:06 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\Apps

    [2012/07/06 19:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\Deployment

    [2011/03/01 22:48:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys

    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/17 21:51:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe

    [2012/07/17 21:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/07/17 19:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/07/17 13:12:43 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/17 13:12:43 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/17 13:04:34 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys

    [2012/07/17 12:55:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    [2012/07/16 21:08:23 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Lynchy\Desktop\ComboFix.exe

    [2012/07/16 15:21:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lynchy\Desktop\aswMBR.exe

    [2012/07/16 15:05:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/07/16 12:48:26 | 000,000,974 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

    [2012/07/16 12:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

    [2012/07/15 22:01:29 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/07/15 22:01:29 | 000,665,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/07/15 22:01:29 | 000,125,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/07/12 06:26:21 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2012/07/12 04:10:48 | 004,980,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/07/10 03:38:17 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

    [2012/07/10 03:36:48 | 000,002,988 | ---- | M] () -- C:\Windows\SysNative\.crusader

    [2012/07/09 21:20:29 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

    [2012/07/09 17:17:55 | 000,531,481 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

    [2012/07/09 12:36:13 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys

    [2012/07/09 12:36:13 | 000,007,859 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.cat

    [2012/07/09 12:36:12 | 000,001,167 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.inf

    [2012/07/09 12:35:40 | 101,300,814 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

    [2012/07/08 05:48:11 | 000,099,675 | --S- | M] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    [2012/07/06 19:35:48 | 000,001,261 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/16 21:08:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/07/16 21:08:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/07/16 21:08:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/07/16 21:08:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/07/16 21:08:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/07/16 15:05:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/07/16 12:48:26 | 000,000,974 | ---- | C] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

    [2012/07/16 12:48:26 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

    [2012/07/12 06:26:21 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2012/07/12 04:55:13 | 000,002,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk

    [2012/07/12 04:55:13 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk

    [2012/07/10 03:38:17 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

    [2012/07/10 03:36:47 | 000,002,988 | ---- | C] () -- C:\Windows\SysNative\.crusader

    [2012/07/09 21:20:29 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

    [2012/07/08 19:04:42 | 000,099,675 | --S- | C] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    [2012/01/11 19:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

    [2011/03/01 22:48:59 | 000,007,859 | ---- | C] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.cat

    [2011/03/01 22:48:59 | 000,001,167 | ---- | C] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.inf

    [2010/12/13 15:56:32 | 000,766,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2010/12/13 13:05:46 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

    [2010/12/13 12:56:07 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

    [2010/08/25 18:57:20 | 001,073,664 | ---- | C] () -- C:\Windows\TGConfig_VS08.exe

    ========== LOP Check ==========

    [2012/03/14 03:34:27 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Aimersoft Video Converter Pro

    [2011/10/21 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\AVG2012

    [2011/02/14 03:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    [2012/07/09 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\MP3Rocket

    [2012/06/12 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\SoftGrid Client

    [2011/02/17 19:24:49 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Sony

    [2011/02/17 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Sony Creative Software Inc

    [2012/07/03 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Spotify

    [2011/06/18 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    [2011/02/17 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\StarBurn

    [2011/12/21 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Temp

    [2011/02/11 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\TP

    [2012/07/17 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\uTorrent

    [2012/07/12 06:28:26 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Vso

    [2012/07/12 18:20:36 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    < End of report >

    OTL Extras logfile created on: 17/07/2012 21:52:58 - Run 1

    OTL by OldTimer - Version Folder = C:\Users\Lynchy\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.97 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 70.33% Memory free

    7.93 Gb Paging File | 6.01 Gb Available in Paging File | 75.77% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 290.04 Gb Total Space | 52.45 Gb Free Space | 18.08% Space Free | Partition Type: NTFS

    Computer Name: LYNCHY-PC | User Name: Lynchy | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)


    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found


    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

    https [open] -- Reg Error: Key error.

    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    https [open] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]





    "DisableNotifications" = 0

    "EnableFirewall" = 1


    "DisableNotifications" = 0

    "EnableFirewall" = 1



    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========



    ========== Vista Active Open Ports Exception List ==========


    "{07C15103-8911-4740-A016-D647B173107D}" = rport=445 | protocol=6 | dir=out | app=system |

    "{107D7C46-692A-45E2-BA44-C979C052D16C}" = lport=137 | protocol=17 | dir=in | app=system |

    "{11C9DB80-D58A-4CA6-864D-A3934197C45E}" = lport=445 | protocol=6 | dir=in | app=system |

    "{13CBB78E-D163-4B79-BF0C-75CE100CDBB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{156A91A9-D79D-4DC9-94D4-436EEF3EB2FF}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{1AC36803-4A3D-4A12-94D3-62D591804937}" = lport=49244 | protocol=6 | dir=in | name=akamai netsession interface |

    "{2492A9FB-D37D-4616-A3F6-D10340575CA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{2F8DAA2E-36C6-43FB-8B28-6B7354B9E4D7}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{31E46A9A-D197-4B97-A0A3-318D3C29E3C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{3E67F6D3-6187-4512-A1D4-06AC092713F7}" = lport=139 | protocol=6 | dir=in | app=system |

    "{3E706D8C-72E4-471C-AAD4-89B8108DAE16}" = rport=139 | protocol=6 | dir=out | app=system |

    "{450BEF3C-143B-4381-B421-8D7D1EC868F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{4D4EE774-3F14-4202-8777-89244A28919C}" = rport=138 | protocol=17 | dir=out | app=system |

    "{4EED0124-D108-4C7E-8208-98D474874433}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{59B4E93B-BD86-48B2-ADF9-DD23D2679E2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{767048C0-C41A-4685-B848-0DA29FF456FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

    "{7FC539BA-67DB-45F2-9B6F-CB301182AE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{94561B7F-7928-41B2-A601-BC061933191D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{97E9DECB-17EA-4058-A4AB-927383DDAD43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    "{9EE30804-1FFA-4ABE-B1D6-179C63C09E9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{A039C227-105F-4CFC-926C-D0AD008E3A1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{A8E41FA6-81A3-4CA8-9805-8657A91A14F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{C4A852AA-DEC0-4AFD-ADE4-A5EF2CAF98EA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

    "{CA4AA52C-B450-43C7-AF72-3A310523E290}" = lport=138 | protocol=17 | dir=in | app=system |

    "{CCDD7891-06C4-47D5-AF5F-3FD8DF219C95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

    "{E6E74A08-01FF-4FF5-A70A-96780383051C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

    "{E7374BE7-DC63-4ED7-AAB4-A8F8D4375D69}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

    "{E9E4E6F7-190E-4BCD-97EB-DBC1FC005063}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{EF2BCD12-017E-4519-82D0-544F49F5B1F9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

    "{F2206FDC-DB56-45E5-9DEE-3AEA8E0FEBCA}" = rport=137 | protocol=17 | dir=out | app=system |

    "{F5CA7AE2-21DD-4009-8D65-A6DCBE7B6CAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    "{FB3FCAA8-2E98-4035-9CE7-A5971EC27A04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========


    "{08EA34A8-4BEC-480F-BEA0-F6D0248A0F73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

    "{09995B30-A7CB-4793-8BCF-5873DA476507}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{0BE6A23E-0A06-4A5D-9D5F-52D51C72EBD6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

    "{113AE6A0-5937-4D23-8F7E-7467FCB4538C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{13DF9579-3AAB-47D4-85AC-5E034E96AD5F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |

    "{17678E96-845F-4E51-96B8-11F2CECC9E34}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |

    "{22EB7DF4-771D-4E71-B999-8F17F914F4B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{3BD1AF93-5A8B-4243-9AD6-C67EFE6E6301}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{3E6FCC43-C9E6-4373-A3A5-C23088980642}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

    "{41F346BE-A85A-43F0-A70F-03C185FFCE43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

    "{43F4D41E-9FEB-4146-8B02-3B40DDEA5945}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |

    "{44B0BD3B-EFE3-44F2-8118-73E886EFFD17}" = protocol=6 | dir=in | app=c:\users\lynchy\downloads\aviconvertersetup.exe |

    "{4606693C-9F3B-41B2-B1B2-CF8EBC48696F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    "{4BE38FBC-FB3F-4ABB-BC88-718CEA05A165}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |

    "{4FAD35A5-7472-48C0-A18A-0F79AFA1A421}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

    "{5B85A43C-B41D-4B7B-81BF-10C19C514175}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    "{61A32CA2-F909-456D-A6EC-7112FFB9199D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |

    "{6A064700-A8FF-4963-81B9-618087E41D1C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{6C177297-79FD-484D-87BC-CB4B1929D3A6}" = protocol=6 | dir=out | app=system |

    "{6FC1E03C-613C-41EE-A7C8-919537541587}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{70636060-F980-42D5-AB5B-3A20B435B2E9}" = protocol=17 | dir=in | app=c:\users\lynchy\downloads\aviconvertersetup.exe |

    "{70C89A7C-C96E-4F1D-8045-EF6040D9C25B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

    "{7660268B-3082-408D-8631-3A33B626A967}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

    "{7B1761D4-EA98-498A-B14B-4A808FB1C9A4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |

    "{8005AC10-B498-4F72-A890-8246A0A68BF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{830CB878-C9C8-43EB-92F2-367D717F67CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{83E7FBF4-65AE-437E-BD36-62769F169E6E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{8C5AE16D-EA49-45A6-BACD-E140B1108915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{921EDAF4-8DA4-44C0-853B-05684B23B1C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{99F1CB47-3439-4B04-B050-FCB12A153FFC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

    "{9C5A5FE2-C933-40C7-A37D-FB00107E4586}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{9FEC6252-3EC1-46DC-9443-8447DACD1709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{A2C9527D-777F-4E51-A68E-E4C34DF1C5F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{A2D2983B-B65F-4261-BE44-056A447A216D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    "{A452D07C-7B25-4BCA-AC05-25F00DE4D0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

    "{A907A442-9FF2-481C-A4B8-A042F0112880}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{AC2E4DAF-7DAC-4485-BFE0-77DF6B8808C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    "{AF4BC677-FB0D-4356-9D1B-24902DE7F5A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

    "{B278315A-50BF-4AE7-B62D-99491735C429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{B2F25BC5-9837-41BC-85AF-B16D9665C4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

    "{B33F6E82-62F0-4056-B8B6-742C49FA9120}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{B9B6A054-B5A0-4930-9B97-69E63883A5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

    "{BF4AB69D-144E-459F-82B5-938B4F46B20D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{C2E3855E-6888-49C2-9337-C11C4E1227F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

    "{C71EC34D-D11B-467F-9526-0B73045BE434}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{C781F4B9-C288-4603-92DD-A04F3C5F9BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

    "{CA0198FB-385F-42A1-9A0B-8ECBEFADE2FA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |

    "{CC0EC3E9-1863-4AC0-B1A9-A71025BBEB58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{CEBA6BAE-E85C-48D4-8F23-B00B51688EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

    "{D1945F79-0AA6-4070-9011-1E6CBE0A8AED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

    "{D689E748-A1D7-4F4A-89FE-7100A6F77AA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

    "{D6E18BAA-F870-4B98-A439-853B32698C56}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |

    "{D9ACFDBC-9DD1-4572-B04D-E51BFC459A95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{DAD22D7B-FA16-443B-AD3A-1DF967292DBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{E6C80013-75DE-4320-8F4C-996C79365CB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{F8E38863-E140-4502-A375-131DC0BEE307}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    "{F9868F60-F344-4AA7-859B-C97ACF8B002F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

    "{FAB1025D-6612-4E0A-8204-FACAE7B2FC94}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{FCF0D8D6-8721-4FC0-93B0-5D8F0A87CD00}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |

    "{FD43684B-DE68-4E7C-9AA0-30CA7D6DC648}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |

    "TCP Query User{0F64FBAE-530E-44E8-9215-148E4F4EBDDA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    "TCP Query User{1F0C8973-B705-4C34-B053-8A2022EEC40E}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe |

    "TCP Query User{4EB9AAB3-4E55-41D9-AEE6-70EB57D7B0BA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    "TCP Query User{694BAFD3-E76A-41CF-92E4-7E756D1B9F9C}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe |

    "TCP Query User{6B8AA498-C946-4288-B8B3-09112A89F61D}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

    "TCP Query User{70B791BA-18EC-4BF0-BD77-3EB49AF85E78}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

    "TCP Query User{716A7141-30E2-4247-806C-3E6BB64EA0D0}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |

    "TCP Query User{7F961066-6D5E-468A-9A9D-A25FA9BC6BD0}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

    "TCP Query User{94600F4D-CBC5-4D43-887C-F786FB194BE3}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

    "TCP Query User{A9DC06C5-A7C2-4FE7-9E7E-F8C6C3586341}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe |

    "TCP Query User{BC29E813-C92E-48AB-ACF1-CE0E5E4CCA1B}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe |

    "TCP Query User{BE223B24-1B4E-48C0-97FA-E26A09169066}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

    "UDP Query User{07D9DC01-C1F5-4954-BE45-3A79EAE66587}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe |

    "UDP Query User{2028EBF6-8245-43D7-B592-88237ED73CA3}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |

    "UDP Query User{614EBBDB-FA5C-41F6-8CF0-EB5FAFA8E94B}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe |

    "UDP Query User{7675413C-6112-4BEC-B2DD-72575D959A9E}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

    "UDP Query User{A55DF648-855C-43D9-AF4A-18E027FF8E4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    "UDP Query User{A7DDEEB7-93EE-4117-9D44-C3EF75D963CC}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |

    "UDP Query User{C688FD11-4524-4053-B290-9BC1F7C840C5}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

    "UDP Query User{C7BCF4E7-AF1B-4500-9355-8016C679A755}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

    "UDP Query User{CBBD6A49-2C0A-47B6-963C-CE020BCF013F}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe |

    "UDP Query User{D27DBC69-041F-485E-8ECE-AAA00C01ED3F}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe |

    "UDP Query User{DC1E3243-37C1-44AD-8DB1-7E4EE0B7F7A8}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |

    "UDP Query User{F73DD828-99C3-4714-B8C8-369EEC7DA552}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}" = Driver 1.3

    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "AVG" = AVG 2012

    "CCleaner" = CCleaner

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    "WinRAR archiver" = WinRAR 4.00 beta 6 (64-bit)


    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

    "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}" = DSG OSD 1.01

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 26

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr

    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0

    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

    "{56BA241F-580C-43D2-8403-947241AAE633}" = center

    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

    "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

    "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Akamai" = Akamai NetSession Interface Service

    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

    "DtsFilter" = DTS+AC3 Filter

    "GOM Player" = GOM Player

    "Intel AppUp(SM) center 12358" = Intel AppUp(SM) center

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version

    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)

    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010

    "Office14.SingleImage" = Microsoft Office Home and Student 2010

    "Spotify" = Spotify

    "uTorrent" = µTorrent

    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar

    "Winamp" = Winamp

    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========


    "Akamai" = Akamai NetSession Interface

    "Spotify" = Spotify

    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 5024

    Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 5024

    Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 6022

    Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

    Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 7021

    Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 7021

    Error - 31/05/2012 14:20:36 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 31/05/2012 14:20:36 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 8019

    [ System Events ]

    Error - 16/07/2012 16:14:19 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030

    Description = The PEVSystemStart service is marked as an interactive service. However,

    the system is configured to not allow interactive services. This service may not

    function properly.

    Error - 16/07/2012 16:17:22 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060

    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

    with this system. Please contact your software vendor for a compatible version

    of the driver.

    Error - 16/07/2012 16:26:19 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030

    Description = The PEVSystemStart service is marked as an interactive service. However,

    the system is configured to not allow interactive services. This service may not

    function properly.

    Error - 16/07/2012 16:27:25 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7023

    Description = The Windows Defender service terminated with the following error:


    Error - 17/07/2012 07:43:16 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7031

    Description = The Akamai NetSession Interface service terminated unexpectedly.

    It has done this 1 time(s). The following corrective action will be taken in 1000

    milliseconds: Restart the service.

    Error - 17/07/2012 07:50:01 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030

    Description = The PEVSystemStart service is marked as an interactive service. However,

    the system is configured to not allow interactive services. This service may not

    function properly.

    Error - 17/07/2012 07:53:18 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060

    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

    with this system. Please contact your software vendor for a compatible version

    of the driver.

    Error - 17/07/2012 07:53:19 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060

    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

    with this system. Please contact your software vendor for a compatible version

    of the driver.

    Error - 17/07/2012 07:54:11 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030

    Description = The PEVSystemStart service is marked as an interactive service. However,

    the system is configured to not allow interactive services. This service may not

    function properly.

    Error - 17/07/2012 07:55:23 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7023

    Description = The Windows Defender service terminated with the following error:


    < End of report >

  4. I hope I'm doing all this correctly coz I don't really know what I'm doing! Haha. Thanks.

    ComboFix 12-07-16.01 - Lynchy 17/07/2012 12:45:40.2.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2963 [GMT 1:00]

    Running from: c:\users\Lynchy\Desktop\ComboFix.exe

    Command switches used :: c:\users\Lynchy\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))














    ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))



    2012-07-17 11:54 . 2012-07-17 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\users\Lynchy\AppData\Roaming\Malwarebytes

    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-16 14:05 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\Yontoo

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\programdata\Tarma Installer

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\uTorrent

    2012-07-12 05:35 . 2012-07-12 07:34 -------- d-----w- c:\program files (x86)\VS Revo Group

    2012-07-12 05:26 . 2012-07-12 05:26 -------- d-----w- c:\program files\CCleaner

    2012-07-12 02:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-10 02:38 . 2012-07-10 02:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

    2012-07-10 02:26 . 2012-07-10 02:36 -------- d-----w- c:\programdata\HitmanPro

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-07-09 12:42 . 2012-07-09 12:42 -------- d-----w- c:\users\Lynchy\AppData\Local\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\programdata\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\program files (x86)\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

    2012-07-09 12:40 . 2012-07-09 12:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG

    2012-07-08 18:04 . 2012-07-08 04:48 99675 --s---w- c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    2012-07-08 04:48 . 2012-07-17 11:53 -------- d-----w- c:\users\Lynchy\AppData\Local\syjpmxpn

    2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\Lynchy\AppData\Local\Apps

    2012-07-06 18:39 . 2012-07-10 03:05 -------- d-----w- c:\users\Lynchy\AppData\Local\Deployment

    2012-06-21 18:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 18:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 18:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 18:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 18:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 18:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 18:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 18:27 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 18:27 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe




    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    2012-07-11 17:27 . 2012-04-24 03:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-11 17:27 . 2012-01-27 19:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-09 11:36 . 2011-03-01 21:48 82816 ----a-w- c:\users\Lynchy\AppData\Roaming\pcouffin.sys

    2012-05-04 11:06 . 2012-06-13 15:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-13 15:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-13 15:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40 . 2012-06-13 15:11 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-04-28 03:55 . 2012-06-13 15:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-04-26 05:41 . 2012-06-13 15:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-04-26 05:41 . 2012-06-13 15:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-04-26 05:34 . 2012-06-13 15:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-04-24 05:37 . 2012-06-13 15:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-04-24 05:37 . 2012-06-13 15:11 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-04-24 05:37 . 2012-06-13 15:11 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-04-24 04:36 . 2012-06-13 15:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-04-24 04:36 . 2012-06-13 15:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36 . 2012-06-13 15:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll



    ((((((((((((((((((((((((((((( SnapShot@2012-07-16_20.28.26 )))))))))))))))))))))))))))))))))))))))))


    - 2012-07-16 20:26 . 2012-07-16 20:26 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

    + 2012-07-17 11:54 . 2012-07-17 11:54 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

    - 2009-07-14 04:54 . 2012-07-16 19:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-16 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-16 21:21 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-16 19:57 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-16 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-16 19:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-08-03 07:55 . 2012-07-16 20:52 47570 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-17 11:57 60052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2011-02-10 23:17 . 2012-07-17 11:57 20222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847241449-3843327803-101957182-1001_UserData.bin

    + 2011-02-10 21:44 . 2012-07-17 11:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-02-10 21:44 . 2012-07-16 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2011-02-10 21:44 . 2012-07-17 11:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2011-02-10 21:44 . 2012-07-16 20:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-17 11:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-16 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2012-07-17 10:25 . 2012-07-17 10:25 9560 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_48.bin

    + 2012-07-17 10:25 . 2012-07-17 10:25 4280 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_32.bin

    + 2012-07-17 10:25 . 2012-07-17 10:25 2456 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_24.bin

    - 2012-07-16 20:27 . 2012-07-16 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-17 11:55 . 2012-07-17 11:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-16 20:27 . 2012-07-16 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-17 11:55 . 2012-07-17 11:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2010-12-13 07:52 . 2012-07-17 11:30 406252 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

    - 2009-07-14 05:01 . 2012-07-16 20:26 471484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-07-17 11:54 471484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2011-02-10 23:13 . 2012-07-17 11:54 4812835 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-847241449-3843327803-101957182-1001-8192.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))



    *Note* empty entries & legit default entries are not shown



    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]




    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll


    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-07-09 12:41 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]



    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]





    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-16 895376]

    "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]

    "Spotify Web Helper"="c:\users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-29 932528]

    "Akamai NetSession Interface"="c:\users\Lynchy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

    "BfcQvyfn"="c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe" [bU]



    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2010-12-13 1300]

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

    "Conime"="c:\windows\system32\conime.exe" [bU]


    c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    bfcqvyfn.exe [2012-7-8 99675]


    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]

    OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-12-13 4286]



    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]




    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

    R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-10 30496]

    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 164464]

    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-11-29 82816]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]

    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

    R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-17 867824]

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 SoilIO;SoilIO; [x]

    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]

    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-21 1108000]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 soilkbc;soilkbc; [x]

    S3 SoilMC;SoilMC; [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]



    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai


    Contents of the 'Scheduled Tasks' folder


    2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:27]



    --------- X64 Entries -----------




    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]


    ------- Supplementary Scan -------


    uStart Page = https://www.google.co.uk/

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4}

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;;<local>

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer =

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll


    - - - - ORPHANS REMOVED - - - -


    Toolbar-Locked - (no file)

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)





    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"


    --------------------- LOCKED REGISTRY KEYS ---------------------


    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)




    @Denied: (A 2) (Everyone)

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)



    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]


    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"



    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (Full) (Everyone)


    ------------------------ Other Running Processes ------------------------


    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe




    Completion time: 2012-07-17 13:02:48 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-17 12:02

    ComboFix2.txt 2012-07-16 20:44


    Pre-Run: 57,657,303,040 bytes free

    Post-Run: 57,375,330,304 bytes free


    - - End Of File - - 17356A537D1964CB683AF2769B379358

  5. ComboFix log as requested. Thanks.

    ComboFix 12-07-16.01 - Lynchy 16/07/2012 21:10:53.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2483 [GMT 1:00]

    Running from: c:\users\Lynchy\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    c:\program files (x86)\myapp.exe

    c:\program files (x86)\myapp.exe\Chameleon\chameleon.chm

    c:\program files (x86)\myapp.exe\Chameleon\firefox.com

    c:\program files (x86)\myapp.exe\Chameleon\firefox.exe

    c:\program files (x86)\myapp.exe\Chameleon\firefox.pif

    c:\program files (x86)\myapp.exe\Chameleon\firefox.scr

    c:\program files (x86)\myapp.exe\Chameleon\iexplore.exe

    c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.com

    c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.exe

    c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.pif

    c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.scr

    c:\program files (x86)\myapp.exe\Chameleon\mbam-killer.exe

    c:\program files (x86)\myapp.exe\Chameleon\rundll32.exe

    c:\program files (x86)\myapp.exe\Chameleon\svchost.exe

    c:\program files (x86)\myapp.exe\Chameleon\winlogon.exe

    c:\program files (x86)\myapp.exe\changes.rtf

    c:\program files (x86)\myapp.exe\Languages\arabic.lng

    c:\program files (x86)\myapp.exe\Languages\bosnian.lng

    c:\program files (x86)\myapp.exe\Languages\bulgarian.lng

    c:\program files (x86)\myapp.exe\Languages\catalan.lng

    c:\program files (x86)\myapp.exe\Languages\chineseSI.lng

    c:\program files (x86)\myapp.exe\Languages\chineseTR.lng

    c:\program files (x86)\myapp.exe\Languages\croatian.lng

    c:\program files (x86)\myapp.exe\Languages\czech.lng

    c:\program files (x86)\myapp.exe\Languages\danish.lng

    c:\program files (x86)\myapp.exe\Languages\dutch.lng

    c:\program files (x86)\myapp.exe\Languages\english.lng

    c:\program files (x86)\myapp.exe\Languages\estonian.lng

    c:\program files (x86)\myapp.exe\Languages\finnish.lng

    c:\program files (x86)\myapp.exe\Languages\french.lng

    c:\program files (x86)\myapp.exe\Languages\german.lng

    c:\program files (x86)\myapp.exe\Languages\greek.lng

    c:\program files (x86)\myapp.exe\Languages\hebrew.lng

    c:\program files (x86)\myapp.exe\Languages\hungarian.lng

    c:\program files (x86)\myapp.exe\Languages\italian.lng

    c:\program files (x86)\myapp.exe\Languages\latvian.lng

    c:\program files (x86)\myapp.exe\Languages\lithuanian.lng

    c:\program files (x86)\myapp.exe\Languages\macedonian.lng

    c:\program files (x86)\myapp.exe\Languages\norwegian.lng

    c:\program files (x86)\myapp.exe\Languages\polish.lng

    c:\program files (x86)\myapp.exe\Languages\portugueseBR.lng

    c:\program files (x86)\myapp.exe\Languages\portuguesePT.lng

    c:\program files (x86)\myapp.exe\Languages\romanian.lng

    c:\program files (x86)\myapp.exe\Languages\russian.lng

    c:\program files (x86)\myapp.exe\Languages\serbian.lng

    c:\program files (x86)\myapp.exe\Languages\slovak.lng

    c:\program files (x86)\myapp.exe\Languages\slovenian.lng

    c:\program files (x86)\myapp.exe\Languages\spanish.lng

    c:\program files (x86)\myapp.exe\Languages\swedish.lng

    c:\program files (x86)\myapp.exe\Languages\thai.lng

    c:\program files (x86)\myapp.exe\Languages\turkish.lng

    c:\program files (x86)\myapp.exe\Languages\vietnamese.lng

    c:\program files (x86)\myapp.exe\license.txt

    c:\program files (x86)\myapp.exe\mbam.chm

    c:\program files (x86)\myapp.exe\mbam.dll

    c:\program files (x86)\myapp.exe\mbam.exe

    c:\program files (x86)\myapp.exe\mbamcore.dll

    c:\program files (x86)\myapp.exe\mbamext.dll

    c:\program files (x86)\myapp.exe\mbamgui.exe

    c:\program files (x86)\myapp.exe\mbamnet.dll

    c:\program files (x86)\myapp.exe\mbampt.exe

    c:\program files (x86)\myapp.exe\mbamservice.exe

    c:\program files (x86)\myapp.exe\ssubtmr6.dll

    c:\program files (x86)\myapp.exe\unins000.dat

    c:\program files (x86)\myapp.exe\unins000.exe

    c:\program files (x86)\myapp.exe\unins000.msg

    c:\program files (x86)\myapp.exe\vbalsgrid6.ocx

    ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))



    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\users\Lynchy\AppData\Roaming\Malwarebytes

    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-16 14:05 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\Yontoo

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\programdata\Tarma Installer

    2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\uTorrent

    2012-07-12 05:35 . 2012-07-12 07:34 -------- d-----w- c:\program files (x86)\VS Revo Group

    2012-07-12 05:26 . 2012-07-12 05:26 -------- d-----w- c:\program files\CCleaner

    2012-07-12 02:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-10 02:38 . 2012-07-10 02:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

    2012-07-10 02:26 . 2012-07-10 02:36 -------- d-----w- c:\programdata\HitmanPro

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-07-09 12:42 . 2012-07-09 12:42 -------- d-----w- c:\users\Lynchy\AppData\Local\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\programdata\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\program files (x86)\AVG Secure Search

    2012-07-09 12:41 . 2012-07-09 12:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

    2012-07-09 12:40 . 2012-07-09 12:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG

    2012-07-08 18:04 . 2012-07-08 04:48 99675 --s---w- c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    2012-07-08 04:48 . 2012-07-16 20:22 -------- d-----w- c:\users\Lynchy\AppData\Local\syjpmxpn

    2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\Lynchy\AppData\Local\Apps

    2012-07-06 18:39 . 2012-07-10 03:05 -------- d-----w- c:\users\Lynchy\AppData\Local\Deployment

    2012-06-21 18:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 18:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 18:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 18:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 18:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 18:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 18:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 18:27 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 18:27 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe




    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    2012-07-11 17:27 . 2012-04-24 03:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-11 17:27 . 2012-01-27 19:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-09 11:36 . 2011-03-01 21:48 82816 ----a-w- c:\users\Lynchy\AppData\Roaming\pcouffin.sys

    2012-05-04 11:06 . 2012-06-13 15:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-13 15:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-13 15:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40 . 2012-06-13 15:11 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-04-28 03:55 . 2012-06-13 15:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-04-26 05:41 . 2012-06-13 15:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-04-26 05:41 . 2012-06-13 15:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-04-26 05:34 . 2012-06-13 15:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-04-24 05:37 . 2012-06-13 15:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-04-24 05:37 . 2012-06-13 15:11 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-04-24 05:37 . 2012-06-13 15:11 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-04-24 04:36 . 2012-06-13 15:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-04-24 04:36 . 2012-06-13 15:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36 . 2012-06-13 15:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))



    *Note* empty entries & legit default entries are not shown



    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]




    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll


    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-07-09 12:41 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]



    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]





    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-16 895376]

    "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]

    "Spotify Web Helper"="c:\users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-29 932528]

    "Akamai NetSession Interface"="c:\users\Lynchy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]



    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2010-12-13 1300]

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]


    c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    bfcqvyfn.exe [2012-7-8 99675]


    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]

    OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-12-13 4286]



    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]




    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

    R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-10 30496]

    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 164464]

    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-11-29 82816]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]

    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

    R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-17 867824]

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 SoilIO;SoilIO; [x]

    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]

    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-21 1108000]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 soilkbc;soilkbc; [x]

    S3 SoilMC;SoilMC; [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]



    --- Other Services/Drivers In Memory ---


    *NewlyCreated* - WS2IFSL


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai


    Contents of the 'Scheduled Tasks' folder


    2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:27]



    --------- X64 Entries -----------




    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]



    ------- Supplementary Scan -------


    uStart Page = https://www.google.co.uk/

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4}

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;;<local>

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer =

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll


    - - - - ORPHANS REMOVED - - - -


    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

    Toolbar-Locked - (no file)

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    Wow6432Node-HKCU-Run-AdobeBridge - (no file)

    Wow6432Node-HKCU-Run-BfcQvyfn - c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe

    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe

    Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

    Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    Toolbar-Locked - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)





    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"


    --------------------- LOCKED REGISTRY KEYS ---------------------


    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)




    @Denied: (A 2) (Everyone)

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)



    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]


    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"



    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)




    @Denied: (Full) (Everyone)


    ------------------------ Other Running Processes ------------------------


    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe




    Completion time: 2012-07-16 21:44:27 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-16 20:44


    Pre-Run: 58,624,499,712 bytes free

    Post-Run: 58,261,377,024 bytes free


    - - End Of File - - 51C17B52390716698B931319FA89B658

  6. Thanks maniac. Here's the 3 logs as requested. Again, I appreciate this.

    Malwarebytes Anti-Malware


    Database version: v2012.07.16.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Lynchy :: LYNCHY-PC [administrator]

    16/07/2012 15:12:58

    mbam-log-2012-07-16 (15-17-35).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 213972

    Time elapsed: 4 minute(s), 16 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BfcQvyfn (Trojan.Ransom) -> Data: C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe -> No action taken.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 2

    C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe (Trojan.Ransom) -> No action taken.

    C:\Users\Lynchy\AppData\Local\Temp\skalbbewfdjxwndi.exe (Trojan.Ransom) -> No action taken.


    aswMBR version Copyright© 2011 AVAST Software

    Run date: 2012-07-16 15:21:29


    15:21:29.954 OS Version: Windows x64 6.1.7601 Service Pack 1

    15:21:29.954 Number of processors: 2 586 0x170A

    15:21:29.954 ComputerName: LYNCHY-PC UserName: Lynchy

    15:21:33.495 Initialize success

    15:21:46.513 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    15:21:46.513 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11

    15:21:46.528 Disk 0 MBR read successfully

    15:21:46.544 Disk 0 MBR scan

    15:21:46.544 Disk 0 Windows 7 default MBR code

    15:21:46.560 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8243 MB offset 2048

    15:21:46.591 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 297000 MB offset 16883712

    15:21:46.606 Disk 0 scanning C:\Windows\system32\drivers

    15:21:59.118 Service scanning

    15:22:23.220 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

    15:22:30.271 Modules scanning

    15:22:30.271 Disk 0 trace - called modules:

    15:22:30.318 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049b12c0]<<spqf.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    15:22:30.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c95700]

    15:22:30.333 3 CLASSPNP.SYS[fffff88001b9443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004af7680]

    15:22:30.333 \Driver\atapi[0xfffffa8004ac2060] -> IRP_MJ_CREATE -> 0xfffffa80049b12c0

    15:22:30.333 Scan finished successfully

    15:22:45.169 Disk 0 MBR has been saved successfully to "C:\Users\Lynchy\Desktop\MBR.dat"

    15:22:45.184 The log file has been saved successfully to "C:\Users\Lynchy\Desktop\aswMBR.txt"


    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Lynchy at 15:48:48 on 2012-07-16

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2598 [GMT 1:00]


    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ============== Running Processes ===============




    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService




    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork


    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    C:\Windows\SysWOW64\svchost.exe -k Akamai

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE


    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted






    C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe



    C:\Program Files (x86)\Winamp\winampa.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe


    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe



    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files\Windows Media Player\wmpnetwk.exe



    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe




    C:\Program Files\Internet Explorer\iexplore.exe

    ============== Pseudo HJT Report ===============


    uStart Page = https://www.google.co.uk/

    uSearch Page =

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4}

    uInternet Settings,ProxyOverride = *.local;;<local>

    mSearchAssistant =

    uURLSearchHooks: H - No File

    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    mURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe,

    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [AdobeBridge]

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    uRun: [spotify Web Helper] "C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    uRun: [Akamai NetSession Interface] "C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe"

    uRun: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe

    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

    mRun: [Conime] %windir%\system32\conime.exe

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

    StartupFolder: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MP3ROC~1.LNK - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    TCP: DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2} : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\14C656 : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4957373536454 : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4959373935333 : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer =

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    BHO-X64: uTorrentControl2 - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

    BHO-X64: Yontoo Layers - No File

    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

    mRun-x64: [Conime] %windir%\system32\conime.exe

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe


    ============= SERVICES / DRIVERS ===============


    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?]

    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?]

    R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]


    =============== Created Last 30 ================


    2012-07-16 14:05:56 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\Malwarebytes

    2012-07-16 14:05:52 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-07-16 14:05:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-07-16 14:05:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-07-16 11:48:57 -------- d-----w- C:\Program Files (x86)\uTorrentControl2

    2012-07-16 11:48:48 -------- d-----w- C:\Program Files (x86)\Yontoo

    2012-07-16 11:48:46 -------- d-----w- C:\ProgramData\Tarma Installer

    2012-07-16 11:48:26 -------- d-----w- C:\Program Files (x86)\uTorrent

    2012-07-12 05:35:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group

    2012-07-12 05:26:19 -------- d-----w- C:\Program Files\CCleaner

    2012-07-12 03:52:05 -------- d-----w- C:\Windows\pss

    2012-07-12 02:30:39 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-10 02:38:17 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys

    2012-07-10 02:26:54 -------- d-----w- C:\ProgramData\HitmanPro

    2012-07-09 21:20:59 -------- d-----w- C:\Program Files (x86)\myapp.exe

    2012-07-09 20:20:37 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-09 20:20:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

    2012-07-09 20:20:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware

    2012-07-09 12:42:09 -------- d-----w- C:\Users\Lynchy\AppData\Local\AVG Secure Search

    2012-07-09 12:41:49 -------- d-----w- C:\ProgramData\AVG Secure Search

    2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

    2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

    2012-07-09 12:40:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

    2012-07-08 04:48:15 -------- d-----w- C:\Users\Lynchy\AppData\Local\syjpmxpn

    2012-07-06 18:39:06 -------- d-----w- C:\Users\Lynchy\AppData\Local\Apps

    2012-07-06 18:39:04 -------- d-----w- C:\Users\Lynchy\AppData\Local\Deployment

    2012-06-21 18:29:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-21 18:29:22 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-21 18:27:52 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-21 18:27:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll


    ==================== Find3M ====================


    2012-07-11 17:27:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-11 17:27:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-09 11:36:13 99384 ----a-w- C:\Users\Lynchy\AppData\Roaming\inst.exe

    2012-07-09 11:36:13 82816 ----a-w- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll


    ============= FINISH: 15:50:19.04 ===============

  7. Thanks a lot for your help. Here are the logs. Paul


    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Lynchy at 20:12:14 on 2012-07-12

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2366 [GMT 1:00]


    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ============== Running Processes ===============




    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService


    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork




    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    C:\Windows\SysWOW64\svchost.exe -k Akamai

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE


    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted





    C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe



    C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe

    C:\Program Files (x86)\Winamp\winampa.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\BabylonToolbarsrv.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files\iPod\bin\iPodService.exe


    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet




    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE





    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe


    C:\Windows\system32\svchost.exe -k netsvcs




    C:\Program Files\Internet Explorer\iexplore.exe



    C:\Windows\System32\svchost.exe -k swprv







    ============== Pseudo HJT Report ===============


    uStart Page = https://www.google.co.uk/

    uSearch Page =

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4}

    uInternet Settings,ProxyOverride = *.local;;<local>

    mSearchAssistant =

    uURLSearchHooks: H - No File

    uURLSearchHooks: H - No File

    mURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe,

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [AdobeBridge]

    uRun: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

    uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    uRun: [spotify Web Helper] "C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    uRun: [Akamai NetSession Interface] "C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe"

    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

    mRun: [Conime] %windir%\system32\conime.exe

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

    StartupFolder: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MP3ROC~1.LNK - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    TCP: DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2} : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\14C656 : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4957373536454 : DhcpNameServer =

    TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer =

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

    mRun-x64: [Conime] %windir%\system32\conime.exe

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe


    ============= SERVICES / DRIVERS ===============


    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?]

    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?]

    R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    RUnknown mbamchameleon;mbamchameleon; [x]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]


    =============== Created Last 30 ================


    2012-07-12 05:35:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group

    2012-07-12 05:26:19 -------- d-----w- C:\Program Files\CCleaner

    2012-07-12 04:10:44 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\Malwarebytes

    2012-07-12 04:10:32 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-07-12 04:10:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-07-12 03:52:05 -------- d-----w- C:\Windows\pss

    2012-07-12 02:30:39 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-10 02:38:17 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys

    2012-07-10 02:26:54 -------- d-----w- C:\ProgramData\HitmanPro

    2012-07-09 21:20:59 -------- d-----w- C:\Program Files (x86)\myapp.exe

    2012-07-09 20:20:37 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-09 20:20:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

    2012-07-09 20:20:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware

    2012-07-09 12:42:09 -------- d-----w- C:\Users\Lynchy\AppData\Local\AVG Secure Search

    2012-07-09 12:41:49 -------- d-----w- C:\ProgramData\AVG Secure Search

    2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

    2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

    2012-07-09 12:40:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

    2012-07-08 04:48:15 -------- d-----w- C:\Users\Lynchy\AppData\Local\syjpmxpn

    2012-07-06 18:39:06 -------- d-----w- C:\Users\Lynchy\AppData\Local\Apps

    2012-07-06 18:39:04 -------- d-----w- C:\Users\Lynchy\AppData\Local\Deployment

    2012-06-21 18:29:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-21 18:29:22 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-21 18:27:52 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-21 18:27:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-14 21:48:18 -------- d-----w- C:\Users\Lynchy\AppData\Local\{C09AA877-A8AA-4319-8ADB-7527A5E1F339}

    2012-06-13 15:12:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-13 15:12:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-13 15:12:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe


    ==================== Find3M ====================


    2012-07-11 17:27:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-11 17:27:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-09 11:36:13 99384 ----a-w- C:\Users\Lynchy\AppData\Roaming\inst.exe

    2012-07-09 11:36:13 82816 ----a-w- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll


    ============= FINISH: 20:12:59.55 ===============


    DDS (Ver_2011-08-26.01)


    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 10/02/2011 21:57:22

    System Uptime: 12/07/2012 11:53:53 (9 hours ago)


    Motherboard: Advent | |

    Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU 1 | 2094/200mhz


    ==== Disk Partitions =========================


    C: is FIXED (NTFS) - 290 GiB total, 54.392 GiB free.

    F: is CDROM ()


    ==== Disabled Device Manager Items =============


    ==== System Restore Points ===================


    RP233: 10/07/2012 04:10:15 - Windows Update

    RP236: 12/07/2012 03:07:29 - Windows Modules Installer

    RP237: 12/07/2012 03:15:23 - Windows Modules Installer

    RP238: 12/07/2012 03:23:09 - Windows Modules Installer

    RP239: 12/07/2012 06:41:05 - Revo Uninstaller's restore point - Babylon toolbar


    ==== Installed Programs ======================


    Adobe AIR

    Adobe Community Help

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Media Player


    Akamai NetSession Interface

    Akamai NetSession Interface Service

    Apple Application Support

    Apple Software Update



    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module


    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    DSG OSD 1.01

    DTS+AC3 Filter


    GOM Player

    Intel AppUp(SM) center

    Java Auto Updater

    Java 6 Update 26

    JMicron Ethernet Adapter NDIS Driver

    JMicron Flash Media Controller Driver

    Junk Mail filter update

    KODAK AiO Software


    LG USB Modem driver

    Mesh Runtime

    Messenger Companion

    Microsoft Office 2010

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Starter 2010 - English

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219








    MPEG2 Codec(libmpeg2/mad)



    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)




    REALTEK Wireless LAN Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition



    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    Vegas Movie Studio HD Platinum 10.0

    Visual Studio 2008 x64 Redistributables


    Winamp Detector Plug-in

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources


    ==== Event Viewer Messages From Past Week ========


    12/07/2012 18:22:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

    12/07/2012 18:22:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

    12/07/2012 18:21:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

    12/07/2012 18:20:37, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    12/07/2012 18:12:34, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "8" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe -Embedding

    12/07/2012 18:09:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

    12/07/2012 06:55:24, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

    12/07/2012 06:14:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    12/07/2012 06:14:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    12/07/2012 06:14:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    12/07/2012 06:14:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgmfx64 DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:21, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:19, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/07/2012 06:14:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    12/07/2012 06:14:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

    12/07/2012 06:14:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    12/07/2012 06:14:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    12/07/2012 04:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    12/07/2012 03:22:28, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool x64 - July 2012 (KB890830).

    12/07/2012 03:22:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070008: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2719177).

    12/07/2012 03:07:24, Error: volsnap [6] - The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory.

    10/07/2012 03:38:22, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..

    10/07/2012 03:37:24, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

    09/07/2012 21:34:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

    09/07/2012 17:41:49, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    09/07/2012 17:41:45, Error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: The system cannot find the file specified.

    09/07/2012 17:36:03, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx64

    09/07/2012 12:36:30, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    09/07/2012 12:34:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    08/07/2012 15:47:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

    08/07/2012 15:47:26, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    06/07/2012 01:20:42, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


    ==== End Of File ===========================

  8. Hi there, I don't know the rules on the forum, if I'm allowed to start a new topic etc., so I do apologise if I've gone against any rules. All it is, a friend told me about Malwarebytes a few days ago and told me to get it after I had a few problems with my computer.

    Basically, a pop-up kept coming on the screen saying it had found a few trojans or viruses (can't remember exactly now what it said as I've managed to stop it from doing it). I was using AVG at the time and the pop-up was as if it was AVG that had found it; however, when I ran AVG it didn't find anything. I've since uninstalled AVG and gone for SUPERAntiSpyware (again, suggested by the same friend). The only problem I'm having is trying to install Malwarebytes now. I've been reading up about it all over the last 2 days, I've tried renaming the file to mapp.exe and other things like that, I must have installed and uninstalled it about 20 times trying different methods but nothing seems to help. I think it all started the day Google Chrome stopped working saying something about "profile won't load". I don't know if I've picked up some kind of virus or what?

    Any help would be absolutely great! It's driving me mental now! :( Thanks a lot. Paul.

