
Re ntoskrnl.exe blue screen



Yesterday my laptop crashed and would only get as far as the Windows screen on boot up, then straight to blue screen, memory dump and ntoskrnl.exe as the last entry. I can run Windows in safe mode with networking but not in normal mode. I have run Avast and Malaware and neither could solve the issue. Help please :)

I have attached the log from Hijack this; any help would be appreciated.

Thanks

Andy

I forgot to post the log, so here it is. I have run Malware and Avast and tried system restore.

Help Please :)

Andy

hijackthis log.txt


Hello Andy! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Maniac

here is the log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 29/11/2011 16:29:37

System Uptime: 02/05/2013 16:01:05 (0 hours ago)

.

Motherboard: Quanta | | 3636

Processor: AMD Turion II Dual-Core Mobile M520 | Socket S1G3 | 2294/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 164.562 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 2.215 GiB free.

E: is CDROM ()

G: is CDROM ()

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Consumer IR Devices

Device ID: ROOT\SYSTEM\0001

Manufacturer: Microsoft

Name: Consumer IR Devices

PNP Device ID: ROOT\SYSTEM\0001

Service: circlass

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\5&13412FDA&0&3

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\5&13412FDA&0&3

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP184: 15/04/2013 09:32:56 - Windows Update

RP185: 15/04/2013 13:35:51 - Windows Update

RP186: 16/04/2013 20:00:43 - Windows Update

RP187: 17/04/2013 08:12:13 - Windows Update

RP188: 23/04/2013 23:25:05 - Windows Update

RP189: 24/04/2013 04:35:00 - Windows Update

RP190: 30/04/2013 08:22:52 - Windows Update

RP191: 30/04/2013 09:34:45 - Windows Update

.

==== Image File Execution Options =============

.

.

==== Installed Programs ======================

.

.

==== End Of File ===========================


And here is the other Log


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 04/05/2013 17:48:15 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 84.48% Memory free

7.99 Gb Paging File | 7.39 Gb Available in Paging File | 92.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.44 Gb Total Space | 169.34 Gb Free Space | 59.54% Space Free | Partition Type: NTFS

Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/04 17:46:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/03/02 22:34:24 | 000,441,856 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)

SRV:64bit: - [2009/07/22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009/07/02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2013/05/01 15:11:18 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)

SRV - [2013/04/04 11:28:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/02 22:34:26 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)

SRV - [2011/11/30 22:53:50 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2011/09/14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/09/05 18:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/07/22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Disabled | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/01 15:11:18 | 000,040,736 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/08 09:32:34 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/09/29 10:49:56 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/07/17 21:58:30 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/07/17 21:58:24 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/07/17 21:58:22 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/07/17 21:58:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/07/02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/03/09 14:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV - [2012/07/05 06:58:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2012/07/05 06:57:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E4BDCA51-BE15-467C-A52C-B57BB3A81BEC}

IE:64bit: - HKLM\..\SearchScopes\{04E1BA75-34C0-44F7-8836-5BACE11E5CC2}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE:64bit: - HKLM\..\SearchScopes\{96E5210E-5DAE-47C4-9CA9-8CA2733F7CAB}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE:64bit: - HKLM\..\SearchScopes\{E4BDCA51-BE15-467C-A52C-B57BB3A81BEC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006.10031&barid={9496D4EE-687C-11E2-B1D5-0A60762A4F73}

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{04E1BA75-34C0-44F7-8836-5BACE11E5CC2}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{96E5210E-5DAE-47C4-9CA9-8CA2733F7CAB}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKLM\..\SearchScopes\{E4BDCA51-BE15-467C-A52C-B57BB3A81BEC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={9496D4EE-687C-11E2-B1D5-0A60762A4F73}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\SearchScopes,DefaultScope = {E4BDCA51-BE15-467C-A52C-B57BB3A81BEC}

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=766B0A60762A4F73

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\SearchScopes\{907740DF-0AD1-45DC-8641-6B7C8F254DC5}: "URL" = http://www.bing.com/search?q={searchTerms}&r=74

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\SearchScopes\{E4BDCA51-BE15-467C-A52C-B57BB3A81BEC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={9496D4EE-687C-11E2-B1D5-0A60762A4F73}

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..extensions.enabledAddons: pricepeep@getpricepeep.com:2.1.0.20

FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.8.0.2

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: "http://uk.ask.com/?l=dis&o=16518"

FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010006.10031&barid={9496D4EE-687C-11E2-B1D5-0A60762A4F73}"

FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/01 10:59:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/24 20:59:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/05 10:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions

[2013/05/01 08:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\extensions

[2013/03/29 09:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\extensions\ffxtlbr@babylon.com

[2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi

[2012/12/12 23:39:42 | 000,053,945 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\extensions\pricepeep@getpricepeep.com.xpi

[2013/01/27 13:25:47 | 000,189,829 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2013/01/27 13:27:21 | 000,003,998 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2f5rqehj.default\searchplugins\sweetim.xml

[2012/09/18 08:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/03/29 22:20:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011/11/21 05:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/21 02:23:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2013/03/29 09:54:06 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2011/11/21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/21 02:23:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/11/21 02:23:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/11/21 02:23:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Movie2kDownloader = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\

CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Shopping Sidekick Plugin = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\crossrider

CHR - Extension: Shopping Sidekick Plugin = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\

CHR - Extension: Motive Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\

CHR - Extension: avast! WebRep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: avast! WebRep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: PricePeep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.20_0\

CHR - Extension: Yontoo = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\

CHR - Extension: Yontoo = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\

CHR - Extension: SweetPacks Chrome Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

CHR - Extension: Gmail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: Movie2kDownloader = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\

CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Shopping Sidekick Plugin = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\crossrider

CHR - Extension: Shopping Sidekick Plugin = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\

CHR - Extension: Motive Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\

CHR - Extension: avast! WebRep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: avast! WebRep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: PricePeep = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.20_0\

CHR - Extension: Yontoo = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\

CHR - Extension: Yontoo = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\

CHR - Extension: SweetPacks Chrome Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

CHR - Extension: Gmail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)

O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [Amazon Cloud Drive] C:\Users\Andy\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [spotify] C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001..\Run: [spotify Web Helper] C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKLM..\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3570034143-677652048-3367035766-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B413A2-AF70-4865-ABE9-DD60FA96A829}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{528DF2FD-977B-4C84-B4C1-00C089416170}: DhcpNameServer = 40.7.1.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\599\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/04 17:46:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

[2013/05/04 10:42:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andy\Desktop\dds2.scr

[2013/05/01 22:03:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andy\Desktop\dds.scr

[2013/05/01 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search

[2013/05/01 09:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/05/01 09:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/05/01 09:28:29 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Systweak

[2013/05/01 09:28:28 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe

[2013/05/01 09:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro

[2013/05/01 09:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro

[2013/05/01 08:36:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

[2013/04/30 23:09:28 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\NPE

[2013/04/30 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Foresight Software

[2013/04/30 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\DriverCure

[2013/04/30 20:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software

[2013/04/30 20:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software

[2013/04/30 20:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foresight Software

[2013/04/30 09:06:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Muroym

[2013/04/30 09:06:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Ipbyaq

[2013/04/16 15:29:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Programs

[2013/04/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\MFAData

[2013/04/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Avg2013

========== Files - Modified Within 30 Days ==========

[2013/05/04 17:46:42 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/04 17:46:42 | 000,667,474 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/04 17:46:42 | 000,126,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/04 17:46:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

[2013/05/04 17:42:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/04 17:42:10 | 3218,153,472 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/04 10:50:26 | 338,661,365 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/05/04 10:43:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\dds2.scr

[2013/05/04 10:33:28 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

[2013/05/03 08:49:32 | 000,000,085 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\mbam.context.scan

[2013/05/02 10:10:40 | 000,002,806 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\wklnhst.dat

[2013/05/01 22:06:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\dds.scr

[2013/05/01 15:11:18 | 000,040,736 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013/05/01 10:59:22 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/05/01 10:59:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/05/01 10:14:21 | 000,354,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/01 09:37:32 | 000,209,094 | ---- | M] () -- C:\Users\Andy\Documents\cc_20130501_093720.reg

[2013/05/01 09:35:38 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/05/01 09:28:27 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk

[2013/05/01 08:58:52 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\0.job

[2013/04/30 22:39:07 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/04/30 09:37:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/30 09:37:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/16 19:45:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/16 15:29:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/16 15:19:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\z6r3mj.pad

[2013/04/16 15:17:49 | 000,000,152 | ---- | M] () -- C:\ProgramData\z6r3mj.reg

[2013/04/16 15:17:49 | 000,000,056 | ---- | M] () -- C:\ProgramData\z6r3mj.bat

[2013/04/16 14:23:55 | 000,001,025 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

[2013/04/15 13:19:39 | 095,023,320 | ---- | M] () -- C:\ProgramData\eqbqdz.pad

[2013/04/15 09:11:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\todz6f.pad

[2013/04/11 16:09:38 | 014,129,980 | ---- | M] () -- C:\Users\Andy\Documents\Atco_Commodore0001[1].pdf

[2013/04/11 15:50:31 | 000,772,531 | ---- | M] () -- C:\Users\Andy\Documents\Balmoral.pdf

[2013/04/05 08:17:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/05 08:17:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

========== Files Created - No Company Name ==========

[2013/05/04 10:34:16 | 338,661,365 | ---- | C] () -- C:\Windows\MEMORY.DMP


OTL Extras logfile created on: 04/05/2013 17:48:15 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 84.48% Memory free

7.99 Gb Paging File | 7.39 Gb Available in Paging File | 92.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.44 Gb Total Space | 169.34 Gb Free Space | 59.54% Space Free | Partition Type: NTFS

Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06240D0B-81F5-4FFD-B638-EB7C8EB608B0}" = rport=138 | protocol=17 | dir=out | app=system |

"{145E442B-9FED-49BF-A9EB-E201C2F24565}" = lport=445 | protocol=6 | dir=in | app=system |

"{35849A29-9EF7-4D1C-88B9-CCA38D1FCA17}" = lport=137 | protocol=17 | dir=in | app=system |

"{3715D827-FE03-4BE5-B620-FCE6D251D409}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4F0F0350-B8DC-4DEC-875E-9569F572AEB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5427BC79-8885-492F-8109-7BED17D13722}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5B0D74B6-46B0-4443-AF94-8D30AD2AB3DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5F060F5E-C7C1-4A61-8174-D46D46134CF1}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{60089915-BA5D-4AF5-8C52-88F665946507}" = lport=138 | protocol=17 | dir=in | app=system |

"{661D0DF4-2CFC-4FE0-89C8-F89C3A104CAF}" = lport=139 | protocol=6 | dir=in | app=system |

"{73713B4B-987A-4171-8303-5853B85838AA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{78A7B05E-855E-48CE-9C3D-D6A9F31B9E52}" = rport=139 | protocol=6 | dir=out | app=system |

"{852B34FD-F2DA-4AE0-AAE0-D480F4C851DD}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{982DBCD1-0B32-4A94-9E46-237E0457B12E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A3CA9BED-DDD2-402E-88B0-29AC3F735B7B}" = lport=10243 | protocol=6 | dir=in | app=system |

"{AD7167BE-9644-4660-A0C6-74B8360CB3BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{ADABBC07-A610-4476-B6AE-41ADBBFB106F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B04DF544-D17F-47A6-BB2E-F222965BF088}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B9803798-1F91-44E1-9E2E-44DC55F2953F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C2BB50F6-8500-4F71-9604-145AA87EE098}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C50773F0-DE7E-44C6-B1E9-3020B92B675D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{C6A5253F-CCB5-4ACE-A3BB-5DDF92A02D9B}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C908C1FE-62C5-42E3-844B-8C9718B96D6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CAD78894-39F5-41BB-B254-DF96D871F5FE}" = rport=445 | protocol=6 | dir=out | app=system |

"{D6D5CE40-32B6-435C-A987-6C5F6BE98FFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E980072F-D626-48C6-84E1-F5DB8E05C248}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EEB18D9E-15B0-4E61-A64F-1AF293649538}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F0B78263-B37E-435D-859E-E603F5E46EEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F485FC39-1B2A-44EA-B9FF-4ACFB17D940C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{F7AB7A70-976D-4E63-BBB7-D57D1E1DC9D1}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0178ECE5-C989-47E0-B57C-6D03F3F4E290}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{029E6EA5-3471-411E-9E2F-CAC0E74E35C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{097DE7F0-4E06-4E0D-9BAB-544D8D12886A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{170B0CB3-A0E6-408C-A75E-6C2A1BD0164D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{18BF5CFC-ABFB-4506-A2B4-6ADFBDFD2775}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1D6AC749-FB4C-41C5-BDF2-823F7FB9BC06}" = protocol=6 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |

"{2384F4BB-D2FC-4083-A7D5-90ED97E3703E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2650507D-A833-4A64-B033-09669B86BAD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{37CB53AA-9DE5-40B1-B37F-0EFE6C5CC630}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{37D530C4-D12F-41AD-80A5-2EE7D25BDA08}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |

"{3AA6A65D-FF6A-41BB-99C1-570087D7DF46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{3DA111E8-8CF0-4B42-B165-119BAF3CC221}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4358A26E-5C5D-42F9-B4DA-980E64A382D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{435B7430-EF87-452E-9861-BF9FEBAA382F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"{505C9A94-A3CB-4448-B552-D088A68FE263}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{5BC1AD8E-3170-4F77-8C4F-17EDE0F7C72F}" = protocol=17 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |

"{5FA6F3FA-B910-4D28-84F0-8DAD7BEC5BAD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{609BFCD3-4F2F-4698-BDFC-BBC6476A9CF6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{6B245EE2-6631-4EA9-88CA-89DA7C994C0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6B35CEF0-52E0-45E7-B9E2-CBCB4FEE5D54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{74C0C025-EE14-4005-893A-7F870D449725}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{81132683-4CEC-41E4-BDD9-F98CC4FE1513}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{8D28DB52-5CA5-4E20-9450-F7F6384B76DC}" = protocol=6 | dir=out | app=system |

"{924BE15D-2771-4645-8154-35D59956198A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{948C4500-C510-41EB-8ABD-62F8F5806427}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9872119B-9A05-4DC2-A9EB-DEE9813AF5F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9989567C-48DE-487F-938C-88D515B35C06}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{9CAB6A7F-7504-4806-9B6C-FD78B0FA2015}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9F46003F-2FE1-402D-8BC1-0FDFC9242F21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A3139AE4-87A2-4B3F-8ED1-03B7294B0E72}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AAA164F4-41C9-4C32-9F03-C0A597559824}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{AB4B0FCA-395C-4F7B-BD8B-4685FDB23E3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AE4460DA-A145-4A79-AE8C-052470893FC9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{B052C6D0-23C8-46A2-A4CB-2A875AB5752E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{B0730444-B790-4EA5-9566-F9EFD7477656}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B2E16406-6014-4D59-BB5C-A08320757609}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{BA95664B-F1FE-4594-8D5B-87596887AD08}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{BB718466-7BA3-427C-AA07-BC9C8EED0971}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |

"{C07914F8-FD18-4A2E-BF4F-1EC0E196F2CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C317A0C6-7D59-402C-B4FD-8590058E202F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CF88C293-1FCA-47B9-97ED-C25387DD0368}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{DAF6BAC9-50C2-4159-B7CC-EA715121D9FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E6D8081E-E145-4989-B4CB-B4EB88D3F819}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F3464A99-9FDA-4491-8D4B-2781848D21AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F7869FFA-7E43-4D71-B65D-7FB7AEB3B27A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{F7D23EBF-2525-4C14-9224-2ABB955BAA46}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"TCP Query User{2897E518-0F50-4AAC-8219-C303285CADDE}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe |

"TCP Query User{58E4D2AB-102E-41AF-B3ED-43E5F3C5E62A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |

"TCP Query User{D322C8D9-1460-46F9-B34E-18AA708841F1}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe |

"TCP Query User{DA20F0CA-7CA6-43C2-93C2-C7868C96C930}C:\program files (x86)\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe |

"UDP Query User{9023BB1A-4AF9-4A66-950B-ED61550EDF48}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe |

"UDP Query User{A5F5A9F3-0BD8-402A-823D-BDC3113DEBE4}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |

"UDP Query User{D0D36EF2-9FAA-48CE-BB28-3D4AF0D0BA47}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe |

"UDP Query User{D8589B8A-483E-404F-8262-D96D63C222DE}C:\program files (x86)\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10

"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{4EBB71B6-EF61-0263-9665-C041F6EE4A7F}" = MozyHome

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"PremElem100" = Adobe Premiere Elements 10

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA

"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent

"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4

"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM

"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup

"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager

"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard

"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1691

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}" = Amazon Cloud Drive

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes

"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4270958F-221B-423F-B21A-4938C8623196}" = Admiralty RYA Electronic Chart Plotter and Tutorial - Training Version

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese

"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements

"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek

"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian

"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All

"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish

"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian

"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German

"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo

"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154

"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor

"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish

"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer

"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish

"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light

"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10

"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup

"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation

"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"1ClickDownload" = HDVidCodec

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"AudibleDownloadManager" = Audible Download Manager

"avast" = avast! Free Antivirus

"AVG Secure Search" = AVG Security Toolbar

"BT Desktop Help" = BT Desktop Help

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.amazon.music.uploader" = Amazon Music Importer

"EasyBits Magic Desktop" = Magic Desktop

"Free Internet Window Washer" = Free Internet Window Washer

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist Corporate

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0

"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)

"RegClean Pro_is1" = RegClean Pro

"SmartDraw 2012" = SmartDraw 2012

"Soulseek" = SoulSeek Client 156c

"Sweetpacks Bundle Uninstaller" = Sweetpacks Bundle Uninstaller

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3570034143-677652048-3367035766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 29/04/2013 12:12:32 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1623

Error - 29/04/2013 12:12:32 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1623

Error - 29/04/2013 12:12:33 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/04/2013 12:12:33 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2683

Error - 29/04/2013 12:12:33 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2683

Error - 29/04/2013 15:09:09 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/04/2013 15:09:09 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10598162

Error - 29/04/2013 15:09:09 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10598162

Error - 29/04/2013 15:09:13 | Computer Name = Andy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,

time stamp: 0x4ce7a313 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000100000000 Faulting process

id: 0x1ad4 Faulting application start time: 0x01ce44d51e8b6793 Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 473c40a7-b100-11e2-b22a-002713374d37

Error - 30/04/2013 03:45:16 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842761

Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error

in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on

line 2. The manifest file root element must be assembly.

Error - 30/04/2013 04:05:54 | Computer Name = Andy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: 4c2l3veuh7f6f.exe, version: 0.0.0.0, time

stamp: 0x517e82ce Faulting module name: 4c2l3veuh7f6f.exe, version: 0.0.0.0, time

stamp: 0x517e82ce Exception code: 0xc0000005 Fault offset: 0x00005022 Faulting process

id: 0x11b8 Faulting application start time: 0x01ce45798821d9c5 Faulting application

path: C:\Users\Andy\4c2l3veuh7f6f.exe Faulting module path: C:\Users\Andy\4c2l3veuh7f6f.exe

Report

Id: c7933560-b16c-11e2-b22a-002713374d37

[ Hewlett-Packard Events ]

Error - 27/03/2013 13:11:19 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

Error - 27/03/2013 13:11:35 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description = en-GB '' is not a valid value for property 'Title'. WindowsBase at

System.Windows.DependencyObject.SetValueCommon(DependencyProperty dp, Object value,

PropertyMetadata metadata, Boolean coerceWithDeferredReference, OperationType operationType,

Boolean isInternal) at System.Windows.DependencyObject.SetValue(DependencyProperty

dp, Object value) at System.Windows.Window.set_Title(String value) at HPAssistant.HPAMain.bgAsset_RunWorkerCompleted(Object

sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs

e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,

Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 03/04/2013 19:54:05 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

Error - 03/04/2013 19:54:21 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description = en-GB '' is not a valid value for property 'Title'. WindowsBase at

System.Windows.DependencyObject.SetValueCommon(DependencyProperty dp, Object value,

PropertyMetadata metadata, Boolean coerceWithDeferredReference, OperationType operationType,

Boolean isInternal) at System.Windows.DependencyObject.SetValue(DependencyProperty

dp, Object value) at System.Windows.Window.set_Title(String value) at HPAssistant.HPAMain.bgAsset_RunWorkerCompleted(Object

sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs

e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,

Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/04/2013 12:51:30 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description = en-GB '' is not a valid value for property 'Title'. WindowsBase at

System.Windows.DependencyObject.SetValueCommon(DependencyProperty dp, Object value,

PropertyMetadata metadata, Boolean coerceWithDeferredReference, OperationType operationType,

Boolean isInternal) at System.Windows.DependencyObject.SetValue(DependencyProperty

dp, Object value) at System.Windows.Window.set_Title(String value) at HPAssistant.HPAMain.bgAsset_RunWorkerCompleted(Object

sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs

e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,

Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/04/2013 12:52:52 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

Error - 16/04/2013 17:21:11 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

Error - 16/04/2013 17:22:21 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description = en-GB '' is not a valid value for property 'Title'. WindowsBase at

System.Windows.DependencyObject.SetValueCommon(DependencyProperty dp, Object value,

PropertyMetadata metadata, Boolean coerceWithDeferredReference, OperationType operationType,

Boolean isInternal) at System.Windows.DependencyObject.SetValue(DependencyProperty

dp, Object value) at System.Windows.Window.set_Title(String value) at HPAssistant.HPAMain.bgAsset_RunWorkerCompleted(Object

sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs

e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,

Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 17/04/2013 16:28:11 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

Error - 24/04/2013 12:38:55 | Computer Name = Andy-PC | Source = Hewlett-Packard | ID = 0

Description =

[ System Events ]

Error - 04/05/2013 12:50:12 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:50:16 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:50:16 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:50:16 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:18 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:18 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:18 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:20 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:20 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 04/05/2013 12:52:20 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 01

Ran by SYSTEM on 05-05-2013 20:04:56

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2011-12-08] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-15] (Sun Microsystems, Inc.)

HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2796368 2012-09-11] (Alcatel-Lucent)

HKLM-x32\...\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [218184 2013-04-04] ()

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [bSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2011-11-15] (Bootstrap Software Development)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1223344 2013-05-01] (AVG Secure Search)

HKU\Andy\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)

HKU\Andy\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)

HKU\Andy\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)

HKU\Andy\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.)

HKU\Andy\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)

HKU\Andy\...\Run: [spotify] "C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-11-13] (Spotify Ltd)

HKU\Andy\...\Run: [spotify Web Helper] "C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-13] (Spotify Ltd)

HKU\Andy\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3885408 2009-02-06] (Microsoft Corporation)

HKU\Andy\...\Run: [Amazon Cloud Drive] C:\Users\Andy\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [646528 2012-11-12] ()

HKU\Andy\...\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3544440 2013-01-25] (PC Drivers Headquarters)

HKU\Andy\...\Policies\system: [WallpaperStyle] 2

HKU\Andy\...\Policies\system: [DisableLockWorkstation] 0

HKU\Andy\...\Policies\system: [DisableChangePassword] 0

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default\...\Policies\system: [WallpaperStyle] 2

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default User\...\Policies\system: [WallpaperStyle] 2

Startup: C:\ProgramData\Start Menu\Programs\Startup\Audible Download Manager.lnk

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\MozyHome Status.lnk

ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)

Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\jm3r6z.dat (No File)

Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)

S2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-09-29] (Mozy, Inc.)

S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441856 2012-03-02] (Alcatel-Lucent)

S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()

S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

S2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-05-01] (AVG Secure Search)

S4 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)

S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-05-01] (AVG Technologies)

S1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [66552 2011-09-29] (Mozy, Inc.)

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2012-07-04] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2012-07-04] (Printing Communications Assoc., Inc. (PCAUSA))

S0 aswRvrt; No ImagePath

S0 aswVmm; system32\drivers\aswVmm.sys [x]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-05 20:04 - 2013-05-05 20:04 - 00000000 ____D C:\FRST

2013-05-04 15:50 - 2013-05-04 15:50 - 00274624 ____A C:\Windows\Minidump\050513-26067-01.dmp

2013-05-04 08:57 - 2013-05-04 08:57 - 00089386 ____A C:\Users\Andy\Desktop\Extras.Txt

2013-05-04 08:55 - 2013-05-04 08:55 - 00112414 ____A C:\Users\Andy\Desktop\OTL.Txt

2013-05-04 08:46 - 2013-05-04 08:46 - 00602112 ____A (OldTimer Tools) C:\Users\Andy\Desktop\OTL.exe

2013-05-04 01:50 - 2013-05-04 01:50 - 00270328 ____A C:\Windows\Minidump\050413-24398-01.dmp

2013-05-04 01:42 - 2013-05-04 01:43 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds2.scr

2013-05-04 01:34 - 2013-05-04 15:50 - 377940477 ____A C:\Windows\MEMORY.DMP

2013-05-04 01:34 - 2013-05-04 01:34 - 00274568 ____A C:\Windows\Minidump\050413-23462-01.dmp

2013-05-04 01:33 - 2013-05-04 15:48 - 00000112 ____A C:\Windows\setupact.log

2013-05-04 01:33 - 2013-05-04 01:33 - 00000000 ____A C:\Windows\setuperr.log

2013-05-02 23:53 - 2013-05-04 01:43 - 00001915 ____A C:\Users\Andy\Desktop\attach.txt

2013-05-02 23:49 - 2013-05-02 23:49 - 00000085 ____A C:\Users\Andy\AppData\Roaming\mbam.context.scan

2013-05-01 13:03 - 2013-05-01 13:06 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds.scr

2013-05-01 06:11 - 2013-05-01 06:11 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-05-01 00:37 - 2013-05-01 00:37 - 00209094 ____A C:\Users\Andy\Documents\cc_20130501_093720.reg

2013-05-01 00:35 - 2013-05-01 00:35 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-01 00:35 - 2013-05-01 00:35 - 00000000 ____D C:\Program Files\CCleaner

2013-05-01 00:28 - 2013-05-01 00:28 - 00001050 ____A C:\Users\Public\Desktop\RegClean Pro.lnk

2013-05-01 00:28 - 2013-05-01 00:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Systweak

2013-05-01 00:28 - 2013-05-01 00:28 - 00000000 ____D C:\Program Files (x86)\RegClean Pro

2013-05-01 00:28 - 2012-12-10 03:01 - 00019896 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe

2013-04-30 23:58 - 2013-04-30 23:58 - 00000228 ____A C:\Windows\Tasks\0.job

2013-04-30 23:36 - 2013-04-30 23:36 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2013-04-30 14:09 - 2013-05-01 01:15 - 00000000 ____D C:\Users\Andy\AppData\Local\NPE

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Foresight Software

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DriverCure

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\ProgramData\Foresight Software

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Program Files (x86)\Foresight Software

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Muroym

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Ipbyaq

2013-04-16 06:24 - 2013-04-16 06:24 - 00000000 ____D C:\Users\Andy\AppData\Local\MFAData

2013-04-16 06:24 - 2013-04-16 06:24 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg2013

2013-04-16 06:17 - 2013-04-16 06:17 - 00000152 ____A C:\ProgramData\z6r3mj.reg

2013-04-16 06:17 - 2013-04-16 06:17 - 00000056 ____A C:\ProgramData\z6r3mj.bat

2013-04-16 05:23 - 2013-04-16 06:19 - 95023320 ___AT C:\ProgramData\z6r3mj.pad

2013-04-15 04:19 - 2013-04-15 04:19 - 95023320 ___AT C:\ProgramData\eqbqdz.pad

2013-04-15 00:11 - 2013-04-16 06:17 - 00000000 ____A C:\ProgramData\as98213.txt

2013-04-15 00:11 - 2013-04-15 00:11 - 95023320 ___AT C:\ProgramData\todz6f.pad

==================== One Month Modified Files and Folders =======

2013-05-05 20:04 - 2013-05-05 20:04 - 00000000 ____D C:\FRST

2013-05-05 10:48 - 2009-07-13 21:13 - 00783354 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-04 15:50 - 2013-05-04 15:50 - 00274624 ____A C:\Windows\Minidump\050513-26067-01.dmp

2013-05-04 15:50 - 2013-05-04 01:34 - 377940477 ____A C:\Windows\MEMORY.DMP

2013-05-04 15:50 - 2012-09-25 03:23 - 00000000 ____D C:\Windows\Minidump

2013-05-04 15:49 - 2012-03-05 14:09 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-04 15:49 - 2012-02-14 01:35 - 00000470 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job

2013-05-04 15:49 - 2011-12-04 06:46 - 00000000 ____D C:\ProgramData\Kodak

2013-05-04 15:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-04 15:48 - 2013-05-04 01:33 - 00000112 ____A C:\Windows\setupact.log

2013-05-04 08:57 - 2013-05-04 08:57 - 00089386 ____A C:\Users\Andy\Desktop\Extras.Txt

2013-05-04 08:55 - 2013-05-04 08:55 - 00112414 ____A C:\Users\Andy\Desktop\OTL.Txt

2013-05-04 08:46 - 2013-05-04 08:46 - 00602112 ____A (OldTimer Tools) C:\Users\Andy\Desktop\OTL.exe

2013-05-04 01:50 - 2013-05-04 01:50 - 00270328 ____A C:\Windows\Minidump\050413-24398-01.dmp

2013-05-04 01:48 - 2011-12-09 07:46 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps

2013-05-04 01:43 - 2013-05-04 01:42 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds2.scr

2013-05-04 01:43 - 2013-05-02 23:53 - 00001915 ____A C:\Users\Andy\Desktop\attach.txt

2013-05-04 01:34 - 2013-05-04 01:34 - 00274568 ____A C:\Windows\Minidump\050413-23462-01.dmp

2013-05-04 01:33 - 2013-05-04 01:33 - 00000000 ____A C:\Windows\setuperr.log

2013-05-02 23:49 - 2013-05-02 23:49 - 00000085 ____A C:\Users\Andy\AppData\Roaming\mbam.context.scan

2013-05-02 07:57 - 2012-10-11 13:58 - 00000000 ____D C:\Users\Andy\Tracing

2013-05-02 07:57 - 2009-07-24 22:11 - 00000000 ____D C:\Windows\Panther

2013-05-02 01:10 - 2011-12-06 03:22 - 00002806 ____A C:\Users\Andy\AppData\Roaming\wklnhst.dat

2013-05-01 13:06 - 2013-05-01 13:03 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds.scr

2013-05-01 10:06 - 2012-02-01 13:41 - 00000000 ____D C:\ProgramData\Recovery

2013-05-01 06:12 - 2013-02-17 08:03 - 00000000 ____D C:\ProgramData\WinZip

2013-05-01 06:11 - 2013-05-01 06:11 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-05-01 06:11 - 2013-02-17 08:02 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-05-01 01:59 - 2011-12-29 11:28 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-05-01 01:59 - 2011-12-29 11:28 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-05-01 01:51 - 2011-11-29 08:37 - 00085856 ____A C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-01 01:15 - 2013-04-30 14:09 - 00000000 ____D C:\Users\Andy\AppData\Local\NPE

2013-05-01 01:14 - 2009-07-13 20:45 - 00354640 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-01 00:37 - 2013-05-01 00:37 - 00209094 ____A C:\Users\Andy\Documents\cc_20130501_093720.reg

2013-05-01 00:35 - 2013-05-01 00:35 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-01 00:35 - 2013-05-01 00:35 - 00000000 ____D C:\Program Files\CCleaner

2013-05-01 00:28 - 2013-05-01 00:28 - 00001050 ____A C:\Users\Public\Desktop\RegClean Pro.lnk

2013-05-01 00:28 - 2013-05-01 00:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Systweak

2013-05-01 00:28 - 2013-05-01 00:28 - 00000000 ____D C:\Program Files (x86)\RegClean Pro

2013-04-30 23:58 - 2013-04-30 23:58 - 00000228 ____A C:\Windows\Tasks\0.job

2013-04-30 23:36 - 2013-04-30 23:36 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2013-04-30 14:09 - 2009-08-14 22:15 - 00000000 ____D C:\ProgramData\Norton

2013-04-30 13:39 - 2013-01-27 04:34 - 00788104 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-04-30 12:20 - 2011-11-29 08:29 - 00000000 ____D C:\users\Andy

2013-04-30 12:17 - 2013-02-28 04:11 - 00000000 ____D C:\Users\Andy\AppData\Local\PC_Drivers_Headquarters

2013-04-30 12:17 - 2012-03-28 09:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-30 12:17 - 2011-11-29 15:08 - 00000000 ____D C:\Users\Andy\Documents\Audible

2013-04-30 12:17 - 2011-11-29 08:45 - 00000000 ____D C:\ProgramData\MFAData

2013-04-30 12:17 - 2011-11-29 08:30 - 00000000 ____D C:\Users\Andy\AppData\Local\Hewlett-Packard

2013-04-30 12:17 - 2009-08-14 23:01 - 00000000 ____D C:\ProgramData\Symantec

2013-04-30 12:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-04-30 12:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-04-30 12:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-04-30 12:17 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-04-30 12:15 - 2013-03-29 00:54 - 00000000 ____D C:\ProgramData\BrowserProtect

2013-04-30 12:15 - 2012-03-05 14:09 - 00000000 ____D C:\Users\Andy\AppData\Local\Google

2013-04-30 12:15 - 2009-08-14 23:36 - 00000000 ____D C:\ProgramData\Adobe

2013-04-30 12:14 - 2012-03-05 14:09 - 00000000 ____D C:\Program Files (x86)\Google

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Foresight Software

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DriverCure

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\ProgramData\Foresight Software

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Program Files (x86)\Foresight Software

2013-04-30 10:51 - 2012-03-26 23:47 - 00000000 ____D C:\Program Files\Google

2013-04-30 06:41 - 2012-03-26 23:47 - 00000000 ____D C:\ProgramData\Google

2013-04-30 00:46 - 2011-11-30 08:04 - 00000000 ____D C:\Users\Andy\Documents\fuchs

2013-04-30 00:42 - 2011-11-30 13:53 - 00000000 ____D C:\Users\Andy\AppData\Local\Deployment

2013-04-30 00:37 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-30 00:37 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Muroym

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Ipbyaq

2013-04-16 10:47 - 2012-08-14 11:10 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Spotify

2013-04-16 06:29 - 2012-03-28 09:28 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-16 06:24 - 2013-04-16 06:24 - 00000000 ____D C:\Users\Andy\AppData\Local\MFAData

2013-04-16 06:24 - 2013-04-16 06:24 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg2013

2013-04-16 06:19 - 2013-04-16 05:23 - 95023320 ___AT C:\ProgramData\z6r3mj.pad

2013-04-16 06:17 - 2013-04-16 06:17 - 00000152 ____A C:\ProgramData\z6r3mj.reg

2013-04-16 06:17 - 2013-04-16 06:17 - 00000056 ____A C:\ProgramData\z6r3mj.bat

2013-04-16 06:17 - 2013-04-15 00:11 - 00000000 ____A C:\ProgramData\as98213.txt

2013-04-15 04:19 - 2013-04-15 04:19 - 95023320 ___AT C:\ProgramData\eqbqdz.pad

2013-04-15 00:11 - 2013-04-15 00:11 - 95023320 ___AT C:\ProgramData\todz6f.pad

2013-04-11 07:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-04-10 14:07 - 2013-02-28 04:20 - 00000000 ____D C:\Users\Andy\AppData\Local\Paint.NET

2013-04-10 08:34 - 2011-11-30 08:04 - 00000000 ____D C:\Users\Andy\Documents\tennis

Other Malware:

===========

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-15 04:36:23

Restore point made on: 2013-04-16 11:01:46

Restore point made on: 2013-04-16 23:12:36

Restore point made on: 2013-04-16 23:32:32

Restore point made on: 2013-04-16 23:39:57

Restore point made on: 2013-04-23 14:25:35

Restore point made on: 2013-04-23 19:35:13

Restore point made on: 2013-04-24 04:14:25

Restore point made on: 2013-04-26 01:45:45

Restore point made on: 2013-04-29 23:23:07

Restore point made on: 2013-04-30 00:35:22

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 4092.1 MB

Available physical RAM: 3385.57 MB

Total Pagefile: 4090.25 MB

Available Pagefile: 3376.15 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.44 GB) (Free:169.74 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive e: (RECOVERY) (Fixed) (Total:13.36 GB) (Free:2.22 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

Drive h: () (Removable) (Total:29.8 GB) (Free:16.94 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 29 GB 0 B

Partitions of Disk 0:

===============

Disk ID: B9D58C18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 284 GB 200 MB

Partition 3 Primary 13 GB 284 GB

Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H FAT32 Removable 29 GB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (Size: 298 GB) (Disk ID: B9D58C18)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

====================================================================

Disk: 1 (Size: 30 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

Last Boot: 2013-04-29 23:45

==================== End Of Log ============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\jm3r6z.dat (No File)

2013-04-30 11:04 - 2013-04-30 11:04 - 00000000 ____D C:\Program Files (x86)\Foresight Software

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Muroym

2013-04-30 00:06 - 2013-04-30 00:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Ipbyaq

2013-04-16 06:17 - 2013-04-16 06:17 - 00000152 ____A C:\ProgramData\z6r3mj.reg

2013-04-16 06:17 - 2013-04-16 06:17 - 00000056 ____A C:\ProgramData\z6r3mj.bat

2013-04-16 05:23 - 2013-04-16 06:19 - 95023320 ___AT C:\ProgramData\z6r3mj.pad

2013-04-15 04:19 - 2013-04-15 04:19 - 95023320 ___AT C:\ProgramData\eqbqdz.pad

2013-04-15 00:11 - 2013-04-16 06:17 - 00000000 ____A C:\ProgramData\as98213.txt

2013-04-15 00:11 - 2013-04-15 00:11 - 95023320 ___AT C:\ProgramData\todz6f.pad

2013-04-30 23:58 - 2013-04-30 23:58 - 00000228 ____A C:\Windows\Tasks\0.job

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally

Sorry to sound stupid, but do I run system recovery from within safe mode (if so, how do I find it) or do I reboot and run from start up?

And could you talk me through running FRST from Command Prompt?

Thanks for your help

Andy


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013

Ran by SYSTEM at 2013-05-07 08:55:01 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.

C:\PROGRA~3\jm3r6z.dat not found.

C:\Program Files (x86)\Foresight Software => Moved successfully.

C:\Users\Andy\AppData\Roaming\Muroym => Moved successfully.

C:\Users\Andy\AppData\Roaming\Ipbyaq => Moved successfully.

C:\ProgramData\z6r3mj.reg => Moved successfully.

C:\ProgramData\z6r3mj.bat => Moved successfully.

C:\ProgramData\z6r3mj.pad => Moved successfully.

C:\ProgramData\eqbqdz.pad => Moved successfully.

C:\ProgramData\as98213.txt => Moved successfully.

C:\ProgramData\todz6f.pad => Moved successfully.

C:\Windows\Tasks\0.job => Moved successfully.

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => File/Directory not found.

==== End of Fixlog ====


Boot in Safe mode with Networking and then:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
