# Services.exe infected with Trojan Horse Dropper.Generic_c.MMI



## TheFlanman (Aug 2, 2012)

Hi,

I recently got a recurring message from my AVG9 that C:/Windows/System32/services.exe has been infected with a Trojan. The only option I am given is to "Ignore", presumably because it's a system file and cannot be removed. I am competent enough with a computer, but this is my first virus, so hopefully someone can help me.

There are no initial "symptoms". Windows is working fine, the computer isn't shutting down, and the hard drive isn't deleting itself, but the problem is there and I'd like to get rid of it ASAP. Here are the log files requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:05, on 02/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\BackItUp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe
C:\Users\Conor\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14200
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0AOAA5ADMAMwA1ADIAOAAzADIALQBEADMAOAAxAEwAKwA1AC0ARABEAFQAKwAwAC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe" /startup
O4 - HKCU\..\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D105752F-CD1F-41BE-A309-FE740020BFCC}: NameServer = 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABE8A5D-137E-4ED7-9184-7A09E6DA0C37}: NameServer = 89.101.160.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15849 bytes

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Conor at 15:10:06 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.6135.2916 [GMT 1:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Conor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\BackItUp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe
C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBVSSTool_x64.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14200
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1809&m=et1862&r=17360811b416pe485v1k5r4561s25p
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe" /startup
uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0AOAA5ADMAMwA1ADIAOAAzADIALQBEADMAOAAxAEwAKwA1AC0ARABEAFQAKwAwAC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872
StartupFolder: C:\Users\Conor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{1D27B9E8-4837-4404-ABD9-B8620C87FC4B} : DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{7B62709B-0BF8-4CD0-BCDB-E9F0718869EA} : DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{7B62709B-0BF8-4CD0-BCDB-E9F0718869EA}\34F6E6F62775966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7CF5390C-B808-44D9-8944-1A0E3ED8F63D} : DhcpNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{AB283614-7AFC-4152-A28D-D0CED4C95D80} : DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{D105752F-CD1F-41BE-A309-FE740020BFCC} : NameServer = 89.101.160.4
TCP: Interfaces\{D105752F-CD1F-41BE-A309-FE740020BFCC} : DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{DABE8A5D-137E-4ED7-9184-7A09E6DA0C37} : NameServer = 89.101.160.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0AOAA5ADMAMwA1ADIAOAAzADIALQBEADMAOAAxAEwAKwA1AC0ARABEAFQAKwAwAC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\k8fuqohx.default\
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=14200
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.68\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Conor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Conor\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Conor\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Conor\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\k8fuqohx.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\plugins\npstarter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-8-6 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2011-8-6 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-6 5897808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-8-6 2011944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-1-21 240160]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2011-8-6 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2011-8-6 35920]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-27 19:16:21	--------	d-----w-	C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-27 19:16:20	--------	d-----w-	C:\ProgramData\SpeedyPC Software
2012-07-27 19:16:20	--------	d-----w-	C:\Program Files (x86)\SpeedyPC Software
2012-07-24 19:18:46	--------	d-----w-	C:\Users\Conor\AppData\Local\Akamai
2012-07-23 15:07:18	--------	d-----w-	C:\Crash
2012-07-16 15:28:08	--------	d-----w-	C:\Program Files (x86)\Just Cause 2
2012-07-12 02:05:44	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-07-12 02:02:01	--------	d-----w-	C:\830c7ceeca839d1909582fc8
2012-07-09 16:18:19	--------	d-----w-	C:\Users\Conor\AppData\Local\ODUI
2012-07-09 16:18:12	--------	d-----w-	C:\Users\Conor\AppData\Local\Stardock
2012-07-09 16:17:36	--------	d-----w-	C:\Users\Conor\AppData\Roaming\Stardock
2012-07-09 16:17:30	--------	dc-h--w-	C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2012-07-09 16:17:26	--------	d-----w-	C:\Program Files (x86)\Stardock
2012-07-09 16:16:57	--------	d-----w-	C:\Users\Conor\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2012-07-24 15:12:15	283304	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-24 15:12:15	283304	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-07-24 15:11:51	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-11 13:07:24	87488	----a-w-	C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 13:07:24	34720	----a-w-	C:\Windows\System32\LMIport.dll
2012-07-11 13:07:23	80800	----a-w-	C:\Windows\System32\LMIinit.dll
2012-07-02 19:51:04	76888	----a-w-	C:\Windows\SysWow64\PnkBstrA.exe
2012-06-24 14:29:48	18960	----a-w-	C:\Windows\System32\drivers\LNonPnP.sys
2012-06-21 08:37:14	3166792	------w-	C:\Windows\SysWow64\pbsvc.exe
2012-06-16 21:16:46	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 21:16:46	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-11 18:59:38	10248192	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48	70144	----a-w-	C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34	24826368	----a-w-	C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32	20467712	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06	163840	----a-w-	C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58	924160	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12	1090560	----a-w-	C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02	442368	----a-w-	C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58	532992	----a-w-	C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14	239616	----a-w-	C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42	21504	----a-w-	C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48	6301696	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56	6914560	----a-w-	C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54	4246528	----a-w-	C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44	5480448	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26	15703040	----a-w-	C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18	4729344	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58	13277696	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56	6605824	----a-w-	C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02	539136	----a-w-	C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52	368640	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40	17920	----a-w-	C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36	14848	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36	14848	----a-w-	C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30	41984	----a-w-	C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14	367616	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20	54784	----a-w-	C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12	42496	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06	45056	----a-w-	C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58	32768	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18	56320	----a-w-	C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18	56320	----a-w-	C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10	56832	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10	56832	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2012-06-11 12:50:46	187392	----a-w-	C:\Windows\System32\clinfo.exe
2012-06-11 12:50:30	75264	----a-w-	C:\Windows\System32\OpenVideo64.dll
2012-06-11 12:50:24	65024	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 12:50:18	63488	----a-w-	C:\Windows\System32\OVDecode64.dll
2012-06-11 12:50:14	56320	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2012-06-11 12:50:06	16457728	----a-w-	C:\Windows\System32\amdocl64.dll
2012-06-11 12:49:22	13008896	----a-w-	C:\Windows\SysWow64\amdocl.dll
2012-06-06 06:06:16	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54	1133568	----a-w-	C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06	805376	----a-w-	C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10	458704	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16	151920	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-06-02 05:44:21	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39	225280	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10	219136	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2012-05-21 16:18:46	87456	----a-w-	C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-20 13:18:22	419840	----a-w-	C:\Windows\System32\wrap_oal.dll
2012-05-20 13:18:22	413696	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2012-05-20 13:18:22	133632	----a-w-	C:\Windows\System32\OpenAL32.dll
2012-05-20 13:18:22	110592	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2012-05-15 04:01:31	1188864	----a-w-	C:\Windows\System32\wininet.dll
2012-05-15 03:03:54	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-05 09:30:09	8744608	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 15:10:25.82 ===============


----------



## TheFlanman (Aug 2, 2012)

Bump


----------



## TheFlanman (Aug 2, 2012)

Just in case I get a reply, my computer has now refused to boot. Upon starting the boot sequence with Windows it blue screens. Windows Startup Repair is doing nothing, it loops and loops and doesn't even tell me that it failed. I let it run for 3 hours with nothing productive happening. Safe mode is also blue screening. I could really use some help now, this just went from inconvenient to a serious problem! I don't want to have to format and clean install so if anyone has any ideas please give me a hand. Thanks!


----------



## kevinf80 (Mar 21, 2006)

OK, do the following. You'll need access to a clean PC and a flash drive.

*Step 1*

Download *Farbar Recovery Scan Toolx64* and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options*. I give two methods; use whichever is convenient for you.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded, begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64* and press *Enter*
*Note:* Replace letter *e* with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

*Step 2*

Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

*services.exe*

It then should look like:

Click Search button and post the log (Search.txt) it makes to your reply.

Post both logs in your reply

Thanks,

Kevin


----------



## TheFlanman (Aug 2, 2012)

First of all, thank you very much for the reply. Been pulling my hair out for the last day or two. Let's hope we can get something to work.

*FRST*

Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 04-08-2012 18:49:05
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [408600 2009-12-04] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-12-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390168 2009-12-04] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [unsti] rundll32.exe "C:\Users\Paddy\AppData\Roaming\unsti.dll",HrGetCertKeyUsage [x]
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [469536 2009-11-24] ()
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2012-01-13] (Nero AG)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKU\Conor\...\Run: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe" /startup [1313848 2011-08-30] (Hobbyist Software)
HKU\Conor\...\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [409600 2011-10-03] ()
HKU\Conor\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Conor\...\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\Conor\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-20] (Google Inc.)
HKU\Conor\...\Run: [Akamai NetSession Interface] "C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Conor\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Marie\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Marie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-20] (Google Inc.)
HKU\Marie\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-29] ()
HKU\Marie\...\Run: [Google Update] "C:\Users\Conor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-06] (Google Inc.)
HKU\Marie\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Marie\...\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\Marie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Mcx1-HOME-PC\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-20] (Google Inc.)
HKU\Mcx1-HOME-PC\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-29] ()
HKU\Mcx1-HOME-PC\...\Run: [Google Update] "C:\Users\Conor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-06] (Google Inc.)
HKU\Mcx1-HOME-PC\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Mcx1-HOME-PC\...\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\Mcx1-HOME-PC\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Mcx1-HOME-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Paddy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-20] (Google Inc.)
HKU\Paddy\...\Run: [Google Update] "C:\Users\Paddy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-06] (Google Inc.)
HKU\Paddy\...\Run: [EPSON Stylus Photo R340 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAJE.EXE /FU "C:\Windows\TEMP\E_SFC58.tmp" /EF "HKCU" [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\Paddy\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-29] ()
HKU\Paddy\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Paddy\...\Run: [Facebook Update] "C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\Paddy\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Paddy\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-10-03] (AMD)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0AOAA5ADMAMwA1ADIAOAAzADIALQBEADMAOAAxAEwAKwA1AC0ARABEAFQAKwAwAC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872 [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
AppInit_DLLs: avgrssta.dll
Tcpip\..\Interfaces\{D105752F-CD1F-41BE-A309-FE740020BFCC}: [NameServer]89.101.160.4
Tcpip\..\Interfaces\{DABE8A5D-137E-4ED7-9184-7A09E6DA0C37}: [NameServer]89.101.160.4
Startup: C:\Users\Conor\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Services (Whitelisted) ======

2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2011-08-06] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" [2331544 2011-08-06] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2011-08-06] (AVG Technologies CZ, s.r.o.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-02] ()
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2011-08-06] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2011-08-06] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2011-08-06] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2011-08-06] (AVG Technologies CZ, s.r.o. )
1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2011-08-06] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-13] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2011-08-06] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-08-06] (AVG Technologies CZ, s.r.o.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-01] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 LGSHidFilt; C:\Windows\System32\Drivers\LGSHidFilt.sys [66328 2012-02-07] (Logitech Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-12-01] (Nero AG)
0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-12-01] (Nero AG)
3 radpms; C:\Windows\System32\Drivers\radpms.sys [14944 2011-09-16] (LogMeIn, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-27] (Duplex Secure Ltd.)
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2011-02-03] (Jungo)
2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-02-03] (Xilinx, Inc.)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-04 18:48 - 2012-08-04 18:49 - 00000000 ____D C:\FRST
2012-08-04 13:35 - 2012-08-04 13:41 - 00000000 ____D C:\Windows\System32\config\MyBackup
2012-08-02 11:21 - 2012-08-02 11:21 - 00001973 ____A C:\Users\Conor\Desktop\Update Checker.lnk
2012-08-02 11:21 - 2012-08-02 11:21 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2012-08-02 06:10 - 2012-08-02 06:10 - 00032978 ____A C:\Users\Conor\Desktop\DDS.txt
2012-08-02 06:10 - 2012-08-02 06:10 - 00013981 ____A C:\Users\Conor\Desktop\Attach.txt
2012-08-02 06:07 - 2012-08-02 06:07 - 00015851 ____A C:\Users\Conor\Desktop\hijackthis.log
2012-08-02 06:06 - 2012-08-02 06:05 - 00607260 ____R (Swearware) C:\Users\Conor\Desktop\dds.com
2012-08-02 06:04 - 2012-08-02 06:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\Conor\Desktop\HijackThis.exe
2012-08-02 05:48 - 2012-08-02 05:48 - 00448512 ____A (OldTimer Tools) C:\Users\Conor\Downloads\TFC.exe
2012-07-27 12:20 - 2012-07-27 12:20 - 00015074 ____A C:\Users\Conor\Downloads\C80497DE8157DC3417BC386A633361C2573E2552.torrent
2012-07-27 11:24 - 2012-07-27 11:24 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paddy\Desktop\tdsskiller.exe
2012-07-27 11:17 - 2012-08-03 09:00 - 00000492 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-27 11:17 - 2012-07-27 11:17 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\SpeedyPC Software
2012-07-27 11:17 - 2012-07-27 11:17 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DriverCure
2012-07-27 11:16 - 2012-08-01 01:30 - 00000420 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-27 11:16 - 2012-07-31 16:09 - 00000464 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-27 11:16 - 2012-07-27 11:16 - 00001203 ____A C:\Users\Paddy\Desktop\SpeedyPC Pro.lnk
2012-07-27 11:16 - 2012-07-27 11:16 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-27 11:16 - 2012-07-27 11:16 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-27 11:13 - 2012-07-27 11:13 - 04731432 ____A (SpeedyPC Software Inc.) C:\Users\Paddy\Desktop\RepairTool.exe
2012-07-26 11:37 - 2012-07-26 11:37 - 00000012 ____A C:\Windows\srun.log
2012-07-24 15:43 - 2012-07-24 15:43 - 00014889 ____A C:\Users\Conor\Downloads\5BE429483B294E59AE7A643CDD41154C884879BC.torrent
2012-07-24 11:18 - 2012-07-24 11:19 - 00000000 ____D C:\Users\Conor\AppData\Local\Akamai
2012-07-24 11:18 - 2012-07-24 11:18 - 10719776 ____A (Akamai Technologies, Inc) C:\Users\Conor\Downloads\NetSessionInterface.exe
2012-07-23 07:07 - 2012-07-23 07:07 - 00000000 ____D C:\Crash
2012-07-22 13:24 - 2012-07-22 13:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2012-07-20 11:27 - 2012-07-24 16:07 - 00000000 ____D C:\Users\Conor\Desktop\Tenacious D - Rize of the Fenix [2012]
2012-07-18 02:49 - 2012-07-18 02:49 - 00000000 __RSD C:\Users\Paddy\Documents\My Stationery
2012-07-17 03:51 - 2012-07-17 03:51 - 00000040 ____A C:\Users\All Users\bioquvlvhvwkwwu
2012-07-16 16:43 - 2012-07-16 16:47 - 00000000 ____D C:\Users\Conor\Desktop\The.Elder.Scrolls.V.Skyrim.Update.9-RELOADED
2012-07-16 14:23 - 2012-07-16 14:24 - 00000000 ____D C:\Users\Conor\Desktop\LaunchDaemons.backup
2012-07-16 07:33 - 2012-07-16 07:33 - 00000000 ____D C:\Users\Conor\Documents\Square Enix
2012-07-16 07:28 - 2012-07-17 04:52 - 00000000 ____D C:\Program Files (x86)\Just Cause 2
2012-07-11 18:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 18:02 - 2012-07-11 18:04 - 00000000 ____D C:\830c7ceeca839d1909582fc8
2012-07-11 02:47 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 02:47 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 02:47 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 02:47 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 02:47 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 02:47 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 02:47 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 02:47 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 02:47 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 02:47 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 02:47 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 02:47 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 02:47 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 02:47 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 02:47 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 02:47 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 02:47 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 02:47 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 02:47 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 08:18 - 2012-07-09 08:18 - 00000000 ____D C:\Users\Conor\Documents\Stardock
2012-07-09 08:18 - 2012-07-09 08:18 - 00000000 ____D C:\Users\Conor\AppData\Local\Stardock
2012-07-09 08:18 - 2012-07-09 08:18 - 00000000 ____D C:\Users\Conor\AppData\Local\ODUI
2012-07-09 08:17 - 2012-07-09 08:17 - 00000000 __HDC C:\Users\All Users\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2012-07-09 08:17 - 2012-07-09 08:17 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Stardock
2012-07-09 08:17 - 2012-07-09 08:17 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-07-09 08:16 - 2012-07-09 08:16 - 21430416 ____A (Stardock Corporation ) C:\Users\Conor\Downloads\ObjectDock_free.exe
2012-07-09 08:16 - 2012-07-09 08:16 - 00000000 ____D C:\Users\Conor\AppData\Local\PackageAware
2012-07-08 09:57 - 2012-07-08 09:58 - 00000000 ____D C:\Users\Conor\Desktop\bigint-2010.04.30
2012-07-08 09:57 - 2012-07-08 09:57 - 00039997 ____A C:\Users\Conor\Desktop\bigint-2010.04.30.zip
2012-07-08 07:48 - 2012-07-08 07:50 - 00000000 ____D C:\Users\Conor\Desktop\mapm495a
2012-07-08 07:47 - 2012-07-08 07:47 - 00214182 ____A C:\Users\Conor\Downloads\mapm495a.zip

============ 3 Months Modified Files ========================

2012-08-03 15:39 - 2012-06-21 02:28 - 00066950 ____A C:\Windows\PFRO.log
2012-08-03 09:55 - 2011-08-06 16:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1001UA.job
2012-08-03 09:52 - 2011-08-06 10:20 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 09:47 - 2011-08-06 10:19 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1000UA.job
2012-08-03 09:29 - 2011-10-19 06:19 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1000UA.job
2012-08-03 09:02 - 2009-07-13 21:13 - 00796568 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 09:00 - 2012-07-27 11:17 - 00000492 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-08-03 09:00 - 2012-06-18 07:34 - 00000468 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-08-03 06:08 - 2012-06-20 05:38 - 00038039 ____A C:\Windows\setupact.log
2012-08-03 03:35 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 03:35 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 03:02 - 2011-08-06 10:20 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 02:51 - 2011-10-19 06:19 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1000Core.job
2012-08-03 02:44 - 2011-08-06 10:19 - 00002637 ____A C:\Users\Conor\Desktop\Google Chrome.lnk
2012-08-02 11:47 - 2011-08-06 10:19 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1000Core.job
2012-08-02 11:21 - 2012-08-02 11:21 - 00001973 ____A C:\Users\Conor\Desktop\Update Checker.lnk
2012-08-02 10:55 - 2011-08-06 16:24 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177616666-44809529-394013100-1001Core.job
2012-08-02 06:10 - 2012-08-02 06:10 - 00032978 ____A C:\Users\Conor\Desktop\DDS.txt
2012-08-02 06:10 - 2012-08-02 06:10 - 00013981 ____A C:\Users\Conor\Desktop\Attach.txt
2012-08-02 06:07 - 2012-08-02 06:07 - 00015851 ____A C:\Users\Conor\Desktop\hijackthis.log
2012-08-02 06:05 - 2012-08-02 06:06 - 00607260 ____R (Swearware) C:\Users\Conor\Desktop\dds.com
2012-08-02 06:04 - 2012-08-02 06:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\Conor\Desktop\HijackThis.exe
2012-08-02 05:48 - 2012-08-02 05:48 - 00448512 ____A (OldTimer Tools) C:\Users\Conor\Downloads\TFC.exe
2012-08-01 01:30 - 2012-07-27 11:16 - 00000420 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-31 16:09 - 2012-07-27 11:16 - 00000464 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-30 04:01 - 2012-06-18 07:34 - 00000442 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-07-27 12:20 - 2012-07-27 12:20 - 00015074 ____A C:\Users\Conor\Downloads\C80497DE8157DC3417BC386A633361C2573E2552.torrent
2012-07-27 11:42 - 2010-04-04 02:27 - 01222984 ____A C:\Windows\WindowsUpdate.log
2012-07-27 11:41 - 2011-10-09 13:09 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-27 11:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-27 11:24 - 2012-07-27 11:24 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paddy\Desktop\tdsskiller.exe
2012-07-27 11:22 - 2012-04-28 08:56 - 00001280 ____A C:\Users\Conor\Desktop\GameRanger.lnk
2012-07-27 11:22 - 2011-08-06 14:30 - 00001221 ____A C:\Users\Conor\Desktop\Dropbox.lnk
2012-07-27 11:16 - 2012-07-27 11:16 - 00001203 ____A C:\Users\Paddy\Desktop\SpeedyPC Pro.lnk
2012-07-27 11:13 - 2012-07-27 11:13 - 04731432 ____A (SpeedyPC Software Inc.) C:\Users\Paddy\Desktop\RepairTool.exe
2012-07-26 11:37 - 2012-07-26 11:37 - 00000012 ____A C:\Windows\srun.log
2012-07-24 15:43 - 2012-07-24 15:43 - 00014889 ____A C:\Users\Conor\Downloads\5BE429483B294E59AE7A643CDD41154C884879BC.torrent
2012-07-24 11:18 - 2012-07-24 11:18 - 10719776 ____A (Akamai Technologies, Inc) C:\Users\Conor\Downloads\NetSessionInterface.exe
2012-07-24 07:12 - 2011-12-25 09:01 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-24 07:12 - 2011-12-04 12:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-24 07:11 - 2011-12-04 12:19 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-23 07:06 - 2012-07-01 07:42 - 00055359 ____A C:\Windows\DirectX.log
2012-07-22 13:24 - 2012-07-22 13:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2012-07-17 03:51 - 2012-07-17 03:51 - 00000040 ____A C:\Users\All Users\bioquvlvhvwkwwu
2012-07-16 18:52 - 2011-08-07 11:10 - 00000600 ____A C:\Users\Conor\AppData\Roaming\winscp.rnd
2012-07-11 18:10 - 2009-07-13 20:45 - 04980200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 18:05 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-11 18:02 - 2011-09-07 08:49 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 05:07 - 2011-11-13 12:08 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 05:07 - 2011-11-13 12:08 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 05:07 - 2011-11-13 12:08 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-09 08:16 - 2012-07-09 08:16 - 21430416 ____A (Stardock Corporation ) C:\Users\Conor\Downloads\ObjectDock_free.exe
2012-07-08 09:57 - 2012-07-08 09:57 - 00039997 ____A C:\Users\Conor\Desktop\bigint-2010.04.30.zip
2012-07-08 07:47 - 2012-07-08 07:47 - 00214182 ____A C:\Users\Conor\Downloads\mapm495a.zip
2012-07-02 11:51 - 2011-12-04 12:19 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-30 17:26 - 2012-06-24 06:27 - 00000230 ____A C:\0.bak
2012-06-30 13:17 - 2012-06-30 13:17 - 00023157 ____A C:\Users\Conor\Downloads\[mnova.eu] Connie_Francis_-_Very_Best_Of_-_mp3320_(h33t)_(flint).torrent
2012-06-30 05:17 - 2012-06-30 05:17 - 40048216 ____A (Blizzard Entertainment) C:\Users\Conor\Downloads\Diablo-III-Setup-enGB.exe
2012-06-30 04:45 - 2012-06-30 04:45 - 00069354 ____A C:\Users\Conor\Downloads\[isoHunt] Spec.Ops.The.Line-SKIDROW.torrent
2012-06-29 15:03 - 2012-06-29 15:03 - 00016823 ____A C:\Users\Conor\Downloads\[isoHunt] Never Mind the Buzzcocks - Season 20.torrent
2012-06-26 16:10 - 2012-06-26 16:10 - 02854217 ____A C:\Users\Conor\Downloads\pcsx2-0.9.8-r4600-binaries.7z
2012-06-25 13:43 - 2012-06-25 13:43 - 00015626 ____A C:\Users\Conor\Downloads\19969048E3849E30349147D3663AF74CEA0D0A85.torrent
2012-06-24 15:18 - 2012-06-24 15:18 - 00057986 ____A C:\Users\Conor\Downloads\[isoHunt] Ong.Bak.2.[2008][DVDRip][THAI]-LB.6716738.TPB.torrent
2012-06-24 15:14 - 2012-06-24 15:14 - 00014483 ____A C:\Users\Conor\Downloads\Ong_Bak_2_(With_hardcoded_English_Subtitles).4807084.TPB.torrent
2012-06-24 11:25 - 2012-06-24 11:25 - 00035624 ____A C:\Users\Conor\Downloads\[NFL_Replay]2006.AFC.Championship.Colts.VS.Pats.XviD.unethikal.3761732.TPB.torrent
2012-06-24 11:24 - 2012-06-24 11:24 - 00018529 ____A C:\Users\Conor\Downloads\[isoHunt] download.torrent
2012-06-24 08:16 - 2012-06-24 08:14 - 30260615 ____A ( ) C:\Users\Conor\Downloads\iphone-manager-for-sms.exe
2012-06-24 06:29 - 2012-06-24 06:29 - 00000387 ____A C:\Windows\LkmdfCoInst.log
2012-06-24 06:29 - 2012-06-24 06:28 - 59049216 ____A (Logitech Inc.) C:\Users\Conor\Downloads\lgs830_x64.exe
2012-06-24 06:29 - 2011-12-23 13:42 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-24 05:39 - 2012-06-24 08:21 - 00643072 ____A C:\Users\Conor\Desktop\sms.sqlite
2012-06-23 15:24 - 2012-06-23 15:32 - 24119683 ____A C:\Users\Conor\Desktop\The Warrior King Opening Fight Scene.mp4
2012-06-23 13:56 - 2012-06-23 13:56 - 09696212 ____A C:\Users\Conor\Downloads\3DMGAME-Sid.Meiers.Civilization.V.v1.0.1.674.Incl.Gods.and.Kings.Crack.Fix1-3DM.7z
2012-06-22 13:29 - 2012-06-22 13:29 - 00017392 ____A C:\Users\Conor\Downloads\521556.zip
2012-06-21 00:37 - 2012-06-21 00:37 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
2012-06-20 05:38 - 2012-06-20 05:38 - 00000000 ____A C:\Windows\setuperr.log
2012-06-19 16:01 - 2011-09-01 10:36 - 00001505 ____A C:\0
2012-06-19 01:51 - 2012-06-19 01:51 - 00013635 ____A C:\Users\Conor\Downloads\example.zip
2012-06-18 14:03 - 2012-06-18 14:03 - 00001974 ____A C:\Users\Paddy\Desktop\Play UT2004.lnk
2012-06-18 14:03 - 2012-06-18 14:03 - 00001974 ____A C:\Users\Mcx1-HOME-PC\Desktop\Play UT2004.lnk
2012-06-18 14:03 - 2012-06-18 14:03 - 00001974 ____A C:\Users\Marie\Desktop\Play UT2004.lnk
2012-06-18 11:52 - 2012-06-18 11:52 - 00000942 ____A C:\Users\Conor\Downloads\Sid.Meiers.Civilization.V-.No-Intro.zip
2012-06-18 11:50 - 2012-06-18 11:50 - 03260015 ____A C:\Users\Conor\Downloads\Civilization 5 v1.0.1.511 Trainer by Freiza.rar
2012-06-18 08:43 - 2012-06-18 08:38 - 248327408 ____A (Nero AG) C:\Users\Conor\Downloads\NeroCreativeCollection1.exe
2012-06-18 07:59 - 2011-08-06 12:02 - 00000039 ____A C:\Windows\Irremote.ini
2012-06-18 07:34 - 2012-06-18 07:34 - 00001188 ____A C:\Users\Conor\Desktop\RegCure Pro.lnk
2012-06-18 07:20 - 2012-06-18 07:20 - 01940656 ____A (ParetoLogic Inc.) C:\Users\Conor\Downloads\RegCureSetup_RW.exe
2012-06-18 04:31 - 2012-06-18 04:31 - 03878112 ____A C:\Users\Conor\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-06-17 17:45 - 2012-06-17 05:52 - 00164717 ____A C:\Users\Conor\Desktop\Golden Oldies.aup
2012-06-17 17:33 - 2012-06-17 04:04 - 00001007 ____A C:\Users\Conor\Desktop\Audacity.lnk
2012-06-17 17:32 - 2012-06-17 17:31 - 20786971 ____A (Audacity Team ) C:\Users\Conor\Downloads\audacity-win-2.0.exe
2012-06-17 16:56 - 2012-06-17 16:56 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-17 04:04 - 2012-06-17 04:04 - 00000943 ____A C:\Users\Paddy\Desktop\Audacity.lnk
2012-06-17 04:04 - 2012-06-17 04:04 - 00000943 ____A C:\Users\Mcx1-HOME-PC\Desktop\Audacity.lnk
2012-06-17 04:04 - 2012-06-17 04:04 - 00000943 ____A C:\Users\Marie\Desktop\Audacity.lnk
2012-06-16 13:16 - 2012-03-28 12:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-16 13:16 - 2011-08-06 16:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 10:10 - 2011-08-07 20:04 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-06-11 19:08 - 2012-07-11 18:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2011-12-15 08:27 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2011-12-01 10:31 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2010-09-28 05:54 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2010-09-28 05:37 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2010-09-28 05:30 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2011-12-15 08:27 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2011-12-15 08:27 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2010-09-28 05:21 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2011-10-03 07:23 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2011-12-15 08:27 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2011-12-15 08:27 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2010-09-28 05:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:25 - 2010-09-28 05:13 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2011-09-08 08:51 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-11 04:50 - 2012-06-11 04:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 04:50 - 2012-06-11 04:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 04:50 - 2012-06-11 04:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 04:50 - 2012-06-11 04:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 04:50 - 2012-06-11 04:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 04:50 - 2012-06-11 04:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 04:49 - 2012-06-11 04:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-08 21:43 - 2012-07-11 02:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 02:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 05:42 - 2012-06-07 05:42 - 00566400 ____A (AMD Inc.) C:\Users\Conor\Downloads\amd_catalyst_12.6_cap1.exe
2012-06-05 22:06 - 2012-07-11 02:47 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 02:47 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 02:47 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 02:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 02:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 02:47 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-22 04:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 04:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 04:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 04:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 04:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 04:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 04:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-22 04:58 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-22 04:58 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-11 02:47 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 02:47 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 02:47 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 02:47 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 02:47 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 02:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 02:47 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 02:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 02:47 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-26 13:20 - 2012-05-26 13:19 - 15422534 ____A C:\Users\Conor\Downloads\redsn0w_win_0.9.11b4.zip
2012-05-25 05:37 - 2012-05-25 05:37 - 05358971 ____A C:\Users\Conor\Downloads\absinthe-win-2.0.zip
2012-05-25 03:30 - 2012-05-25 05:46 - 05433715 ____A (Igor Pavlov) C:\Users\Conor\Desktop\absinthe-win-2.0.exe
2012-05-21 08:18 - 2011-11-13 12:08 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-20 05:18 - 2012-05-20 05:18 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-20 05:18 - 2012-05-20 05:18 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-20 05:18 - 2012-05-20 05:18 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-20 05:18 - 2012-05-20 05:18 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-18 06:10 - 2012-05-18 06:10 - 00038894 ____A C:\Users\Conor\Downloads\DxDiag.txt
2012-05-17 04:28 - 2012-05-17 04:28 - 00059053 ____A C:\Users\Conor\Downloads\[mnova.eu] Game_of_Thrones_S02E05_720p_HDTV_x264-IMMERSE_mkv.torrent
2012-05-14 20:01 - 2012-06-13 13:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-13 13:51 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-13 13:51 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-13 13:51 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-12 09:31 - 2012-05-12 09:31 - 01038201 ____A C:\Users\Conor\Downloads\EE210_Past_Exam_Solutions.zip
2012-05-12 00:34 - 2012-05-12 00:34 - 00007597 ____A C:\Users\Conor\AppData\Local\Resmon.ResmonCfg
2012-05-08 08:41 - 2012-05-08 08:41 - 00409085 ____A C:\Users\Paddy\Desktop\tockings.htm
2012-05-07 06:00 - 2012-05-07 06:00 - 00001157 ____A C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2012-05-07 05:31 - 2012-05-07 05:37 - 05422899 ____A C:\Users\Conor\Desktop\Get data back for FAT and NTFS v3.3 + Serial key.rar

ZeroAccess:
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\@
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\L
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\L\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected]

ZeroAccess:
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\@
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\L
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 5943.11 MB
Available physical RAM: 5124.81 MB
Total Pagefile: 5941.26 MB
Available Pagefile: 5122.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (BOOT) (Fixed) (Total:452.66 GB) (Free:24.35 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.14 GB) NTFS
8 Drive k: (WINDOWS7 HP 64BIT) (CDROM) (Total:3.12 GB) (Free:0 GB) CDFS
9 Drive l: () (Removable) (Total:14.9 GB) (Free:13.39 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------

==================================================================================

==========================================================

Last Boot: 2012-07-29 05:02

======================= End Of Log ==========================

*Search*

Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-04 18:52:16
Running from L:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


----------



## kevinf80 (Mar 21, 2006)

Give me 10 mins or so...


----------



## kevinf80 (Mar 21, 2006)

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as *fixlist.txt*


```
start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end
```
Now please enter System Recovery Options as you did to get the log.

Run *FRST64* and press the *Fix* button just *once* and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


----------
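How the fixlist in the post above follows from the FRST log, as an added example that is not part of the original thread and is not FRST's own code. The function names are hypothetical, the sample is a trimmed excerpt of the log posted in this thread, and only the two check results visible in that log (`=> MD5 is legit` and `IS MISSING <==== ATTENTION`) are assumed.

```python
import re

# Trimmed excerpt of the FRST log posted in this thread (child entries shortened).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\@
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\L
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
ATTENTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>IS MISSING|=>.*?)\s*<==== ATTENTION")
SEARCH_META = re.compile(
    r"^\[.+?\] - \[.+?\] - (?P<size>\d+) \S+ \((?P<company>.*?)\) (?P<md5>[0-9A-Fa-f]{32})$")


def zeroaccess_roots(log):
    """Paths listed under 'ZeroAccess:' headers, collapsed to their top-most entries."""
    paths, in_block = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_block = True
        elif not line or line.startswith("="):
            in_block = False
        elif in_block and DRIVE_PATH.match(line) and line not in paths:
            paths.append(line)
    lowered = [p.lower() for p in paths]
    # Drop any entry that lives inside another listed folder: moving the parent covers it.
    return [p for p in paths if not any(p.lower().startswith(q + "\\") for q in lowered)]


def flagged_system_files(log):
    """System files the 'Bamital & volsnap Check' section marks with ATTENTION."""
    flagged, in_check = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("="):
            in_check = "Bamital" in line
            continue
        m = ATTENTION.match(line) if in_check else None
        if m:
            flagged.append({"path": m["path"], "status": m["status"].strip()})
    return flagged


def search_hits(log):
    """Search results: a path line followed by its dates/size/vendor/MD5 line."""
    hits, prev = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = SEARCH_META.match(line)
        if m and prev:
            hits.append({"path": prev, "size": int(m["size"]),
                         "company": m["company"], "md5": m["md5"].upper()})
        prev = line if DRIVE_PATH.match(line) else None
    return hits


def build_fixlist(log):
    """Return (fixlist_text, unresolved) in the layout of the fixlist posted above.

    A flagged file gets a Replace: line only when exactly one winsxs copy with the
    same file name was found; anything else is returned as unresolved for a person
    to decide. The copy's MD5 is reported by search_hits() but not judged here.
    """
    lines, unresolved = ["start"], []
    hits = search_hits(log)
    for item in flagged_system_files(log):
        name = "\\" + item["path"].rsplit("\\", 1)[-1].lower()
        candidates = [h for h in hits
                      if h["path"].lower().endswith(name) and "\\winsxs\\" in h["path"].lower()]
        if len(candidates) == 1:
            lines.append(f"Replace: {candidates[0]['path']} {item['path']}")
        else:
            unresolved.append(item["path"])
    lines += zeroaccess_roots(log)
    lines.append("end")
    return "\n".join(lines), unresolved


if __name__ == "__main__":
    text, todo = build_fixlist(SAMPLE_LOG)
    print(text)
    print("needs manual review:", todo)
```

Note how the child entries (`\@`, `\L`, `\U`) never reach the fixlist: only the top-level folder is listed, matching what was posted in the thread.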



## TheFlanman (Aug 2, 2012)

No worries, work away


----------



## TheFlanman (Aug 2, 2012)

*Fixlog*

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-04 19:24:11 Run:1
Running from G:\

==============================================

Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e} moved successfully.
C:\Users\Paddy\AppData\Local\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====


----------
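After a replacement like the one in the Fixlog above, the restored file can be compared with the size and MD5 that the FRST search listed for the WinSxS copy. This is an added example, not part of the thread and not FRST's own code; the function names are hypothetical and the sample text is the search hit copied from the log posted earlier.

```python
import hashlib
import re
from pathlib import Path

# Search hit copied from the FRST search log posted in this thread.
FRST_SEARCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# Metadata line layout as it appears in that log:
# [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_frst_search(text):
    """Return one dict per hit: a path line followed by its metadata line."""
    hits, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            rec = m.groupdict()
            rec.update(path=path, size=int(rec["size"]), md5=rec["md5"].upper())
            hits.append(rec)
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return hits

def md5_and_size(path, chunk=1 << 20):
    """Hash in chunks; MD5 is used only because it is what the log lists."""
    digest, total = hashlib.md5(), 0
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
            total += len(block)
    return digest.hexdigest().upper(), total

def verify_against(hit, candidate):
    """Compare a file on disk with the size and MD5 of a parsed search hit."""
    if not Path(candidate).is_file():
        return "missing"
    md5, size = md5_and_size(candidate)
    if size != hit["size"]:
        return "size mismatch"
    return "match" if md5 == hit["md5"] else "hash mismatch"
```

A result other than `match` only says the file differs from that particular WinSxS copy, which also happens after a servicing update replaces the file with a newer version.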



## kevinf80 (Mar 21, 2006)

Will the system boot now?


----------



## TheFlanman (Aug 2, 2012)

Yes it will! Brilliant! Thanks a million. Anything else needed??


----------



## kevinf80 (Mar 21, 2006)

You originally had a ZeroAccess infection; the following file is always patched by the infection: *services.exe*. Because it is a crucial system file, it is whitelisted by all AV programs and cannot be deleted. Yours was actually missing, that is very unusual.
Do you know how the file ended up missing? I'm curious.

Ok we need to ensure there are no remnants of the infection remaining, run the following scans:

*Step 1*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.
 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*Step 2*

This scan takes several hours but is well worth doing...

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Ensure remove found threats is checked*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Post those two logs and give an update on any remaining issues or concerns...

Thanks,

Kevin


----------



## TheFlanman (Aug 2, 2012)

Kevin really thanks a lot for this. You just saved me a serious amount of hassle. You're a life saver 

Here's the Malwarebytes log, I'll do the ESET scan tonight and upload the log in the morning.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Conor :: HOME-PC [administrator]

04/08/2012 21:23:14
mbam-log-2012-08-04 (21-23-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274511
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Conor\Downloads\SoftonicDownloader_for_directx-redistributable.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Conor\Downloads\SoftonicDownloader_for_origin.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Conor\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

(end)

Again, Thank you!
Conor


----------



## kevinf80 (Mar 21, 2006)

No problem Conor, just post the log when you're ready, don't forget to let me know if you have any remaining issues or concerns...

Kevin...


----------



## TheFlanman (Aug 2, 2012)

Kevin, here is the ESET log. If you don't mind, can you explain to me why AVG9 (my Anti-virus, Anti-spyware and Anti-Rootkit program) failed to pick up on the 8 infections that ESET and 3 infections that MBAM found?

C:\FRST\Quarantine\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected] Win64/Agent.BA trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected] Win64/Conedex.B trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected] Win64/Sirefef.AP trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\{3ac8b39a-c1ca-5000-d930-9e08d1e2618e}\U\[email protected] a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application	cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application	cleaned by deleting - quarantined
C:\Users\Conor\Desktop\Get data back for FAT and NTFS v3.3 + Serial key.rar	Win32/Adware.Virtumonde application	deleted - quarantined
C:\Users\Conor\Downloads\cnet2_handyuninstaller-setup_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined


Thanks 
Conor


----------



## kevinf80 (Mar 21, 2006)

Hiya Conor

The only real infection you had was ZeroAccess, that can come onto your system in numerous ways, the most common is via cracks or keygens. Have a read through this link for a better explanation:

http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/

I'm not sure why the malware writers had a shift in strategy as this latest version of ZA is much easier to deal with.

The other stuff you had was just nuisance adware such as Babylon, unfortunately it would appear you installed or allowed it to be installed as it was running from your programs folder, it may have come piggy backed with genuine software, always read the EULA or watch for boxes ticked that allow optional UNwanted extras.

We never really used many tools, so not much to clean up, do the following:

*Step 1*

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 2*

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any *Beta* updates.
*If Java or Adobe is updated please check under Start > Control Panel > Programs and Features, ensure any old versions are removed. <--- Very Important*

*Step 3*

Download [image] TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to run weekly to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

*Step 4*

Create a new restore point:

1. Right-click on Computer and go to Properties.
2. Next click on the System Protection link.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully."

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button [image]. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4. If prompted, select the drive that you want to clean up, and then click OK.
5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
6. In the Disk Cleanup dialog box, click Delete.
7. Click Delete Files, and then click OK. Re-Boot your PC.

Let me know if those steps complete OK, also if any remaining questions etc...

Kevin...


----------



## TheFlanman (Aug 2, 2012)

Yeah I don't use IE so hadn't noticed any of the crap toolbars or addons. This is the family PC, I'm just the maintenance guy! Haha! That's great everything done and sorted. Only one other problem and that's this error message that keeps popping up when I log in.

[image]

I assume it's a program trying to startup that has been removed so I tried deleting the startup key in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\unsti.dll) but it just restored itself... Any ideas what that might be or how to get rid of it?

If not don't worry about it, it's a small inconvenience that I can hopefully solve 

Can't say this enough, but thanks again

Conor


----------



## kevinf80 (Mar 21, 2006)

Download *SystemLook* from one of the links below and save it to your Desktop.
*Link 1*
*Link 2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
unsti.dll
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Kevin


----------



## TheFlanman (Aug 2, 2012)

Hmmm... how odd

SystemLook 30.07.11 by jpshortstuff
Log created at 21:51 on 05/08/2012 by Conor
Administrator - Elevation successful

========== filefind ==========

Searching for "unsti.dll"
No files found.

-= EOF =-


----------
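The condition suspected above, a Run value whose file is no longer on disk, can be checked for every autorun entry at once. This is an added example, not part of the thread and not SystemLook's code; the function names, the value names and the unsti.dll command line in the sample are hypothetical, since the thread never shows the value's data.

```python
import ntpath
import re

RUN = r"\Microsoft\Windows\CurrentVersion\Run"
RUN_KEYS = [("HKEY_LOCAL_MACHINE", "SOFTWARE" + RUN),
            ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Wow6432Node" + RUN),  # 32-bit view on x64
            ("HKEY_CURRENT_USER", "SOFTWARE" + RUN)]
# Constructed sample: value names and the unsti.dll command line are hypothetical;
# the AVG path is taken from the HijackThis log at the top of the thread.
SAMPLE_ENTRIES = [("unsti.dll", r"rundll32.exe unsti.dll,Start"),
                  ("AVG9_TRAY", r"C:\Program Files (x86)\AVG\AVG9\avgtray.exe")]
EXT = r"\.(?:exe|dll|com|bat|cmd|scr)"

def split_command(cmd):
    """Split an autorun command line into (program, rest of line)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    # Unquoted paths may contain spaces: cut at the first known extension.
    m = re.match(r"(.+?%s)(?=[\s,]|$)(.*)" % EXT, cmd, re.I)
    if m:
        return m.group(1), m.group(2)
    return cmd.partition(" ")[::2]

def autorun_target(cmd, env):
    """Best-effort path of the file the entry loads; follows rundll32 to its DLL."""
    cmd = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), cmd)
    prog, rest = split_command(cmd)
    if ntpath.basename(prog).lower() in ("rundll32", "rundll32.exe") and rest.strip():
        prog, _ = split_command(rest.strip())
    return prog

def find_orphans(entries, exists, search_dirs, env):
    """Return (value name, target) for entries whose target file is not found."""
    orphans = []
    for name, cmd in entries:
        target = autorun_target(cmd, env)
        # A bare file name is looked up in the caller-supplied directories.
        dirs = [""] if ntpath.dirname(target) else search_dirs
        if not any(exists(ntpath.join(d, target)) for d in dirs):
            orphans.append((name, target))
    return orphans

def read_run_entries():
    """Windows only: collect (value name, command line) from the Run keys."""
    import winreg
    out = []
    for hive, sub in RUN_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    out.append(tuple(map(str, winreg.EnumValue(key, i)[:2])))
        except OSError:
            pass  # key absent, e.g. no Wow6432Node on 32-bit Windows
    return out
```

On Windows, call `find_orphans(read_run_entries(), os.path.exists, dirs, env)` with `env` built from `os.environ` (keys upper-cased) and `dirs` set to the System32 and Windows directories.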



## kevinf80 (Mar 21, 2006)

Well that is strange for sure. If that issue still pops up then we need to find out why, this is a laborious task but should find the problem. Do a clean boot of windows and see if the issue is still there, if not follow the instructions until you find the problem service.

All instructions are here http://support.microsoft.com/kb/929135 Read through them a couple of times, or print them off. It is quite easy to follow and should locate the problem...

Kevin


----------



## TheFlanman (Aug 2, 2012)

Ah thank God, deleting it from the registry a second time seemed to do the job, no more error message. Kev you've been brilliant, I think this can go as solved  Thanks again mate!

Conor


----------



## kevinf80 (Mar 21, 2006)

Any time my friend, Delete SystemLook from your Desktop, also navigate here C:\FRST delete that folder. Other than that you should be good to go.

Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any *Beta* updates.
If Java or Adobe is updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed.

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go,
*Yellow* for caution, and
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for *Firefox* only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------

