Geeks to Go

PC infected with Win32/Fakeyak


This topic is locked.

#1 Mark_H
Member, 35 posts

My daughter was browsing pictures for her history homework, clicked on a link... result: PC infected with Win32/Fakeyak.

Defender and MSE were installed - supposedly removed it, but no luck.

Any help with removal will be much appreciated.

Mark

#2 BlackOxide
Trusted Helper, Malware Removal, 1,976 posts

Hi, Mark_H! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :unsure:

Can you run the following program for me please, then get back to me with the log that it creates...


Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

#3 Mark_H (Topic Starter)
Member, 35 posts

Hi there, many thanks for your help - much appreciated!!!

Results as requested

First time I ran RogueKiller:

RogueKiller V5.1.1 [05/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mark [Admin rights]
Mode: Scan -- Date : 05/12/2011 19:45:32

Bad processes: 1
[APPDT/TMP/DESKTOP] MediaServer.exe -- c:\programdata\tversity\media server\mediaserver.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/DESKTOP] 7e5fce8.job : c:\users\jane\appdata\local\temp\\setup3462074528.exe -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt



Second time I ran RogueKiller:

RogueKiller V5.1.1 [05/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mark [Admin rights]
Mode: Scan -- Date : 05/12/2011 19:46:16

Bad processes: 0

Registry Entries: 0

HOSTS File:


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by Mark_H, 12 May 2011 - 12:52 PM.

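The RKreport.txt format in the post above, parsed and triaged, as an added example that is not part of this thread or of RogueKiller itself. It splits the report into its counted sections, extracts each `[tag] name -- target -> ACTION` entry, cross-checks the parsed entries against the counts RogueKiller prints, and annotates what each verdict does and does not mean. The sample text is copied from the first report Mark_H posted; the temp-directory markers used for triage are this example's own assumption.

```python
"""Parse a RogueKiller RKreport.txt and triage its findings (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample report, copied from the first RKreport[1].txt posted in this thread.
SAMPLE_RKREPORT = r"""
RogueKiller V5.1.1 [05/05/2011] by Tigzy
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
Mode: Scan -- Date : 05/12/2011 19:45:32

Bad processes: 1
[APPDT/TMP/DESKTOP] MediaServer.exe -- c:\programdata\tversity\media server\mediaserver.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/DESKTOP] 7e5fce8.job : c:\users\jane\appdata\local\temp\\setup3462074528.exe -> FOUND

HOSTS File:

Finished : << RKreport[1].txt >>
"""

# "Bad processes: 1", "Registry Entries: 1", "HOSTS File:" (count optional)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?):\s*(?P<count>\d+)?\s*$")
# "[tag] name -- target -> ACTION"  or  "[tag] name : target -> ACTION"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>.+?)\s+(?:--|:)\s+(?P<target>.+?)\s+->\s+(?P<action>\w+)\s*$"
)
# User-writable staging directories (assumption of this example, not a RogueKiller rule).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    section: str
    tag: str       # the bracketed heuristic tag, e.g. APPDT/TMP/DESKTOP
    name: str
    target: str
    action: str    # KILLED, FOUND, ...
    notes: list = field(default_factory=list)


def normalise_path(path: str) -> str:
    # RogueKiller sometimes emits doubled backslashes (see the .job line above).
    return re.sub(r"\\+", r"\\", path.strip()).lower()


def is_temp_path(path: str) -> bool:
    return any(marker in normalise_path(path) for marker in TEMP_MARKERS)


def parse_rkreport(text: str) -> tuple[list[Finding], dict[str, tuple[int, int]]]:
    """Return (findings, {section: (count_reported_by_tool, count_parsed)})."""
    findings, counts, section = [], {}, None
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s["section"]
            counts[section] = (int(s["count"] or 0), 0)
            continue
        e = ENTRY_RE.match(line)
        if e and section:
            findings.append(Finding(section, e["tag"], e["name"], e["target"], e["action"]))
            reported, parsed = counts[section]
            counts[section] = (reported, parsed + 1)
    return findings, counts


def triage(findings: list[Finding]) -> list[Finding]:
    """Attach review notes; a note is a prompt for the analyst, not a malware verdict."""
    for f in findings:
        if f.action == "KILLED":
            f.notes.append("process terminated only; whatever launches it (service/autorun) is unchanged")
        if f.action == "FOUND":
            f.notes.append("still present: scan mode removes nothing")
        if f.name.lower().endswith(".job"):
            f.notes.append("Task Scheduler job: a persistence mechanism, check its target")
        if is_temp_path(f.target):
            f.notes.append("target lives in a temp directory: a common drop location")
    return findings


if __name__ == "__main__":
    found, totals = parse_rkreport(SAMPLE_RKREPORT)
    for f in triage(found):
        print(f"[{f.section}] {f.name} -> {f.action}: " + "; ".join(f.notes))
    print(totals)
```

The count cross-check catches reports where a line was lost when pasting into a reply. A KILLED verdict in scan mode stops the running process and nothing else, which is why the helper describes it as having "temporarily killed the process".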

#4 BlackOxide
Trusted Helper, Malware Removal, 1,976 posts

Great, that's temporarily killed the process. Could you now run a scan with OTL and get back to me with the log that it creates please.


OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log


#5 Mark_H (Topic Starter)
Member, 35 posts

OTL.TXT

OTL logfile created on: 12/05/2011 22:20:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 82.48 Gb Free Space | 27.67% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 22:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2011/05/07 08:26:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/30 00:11:36 | 003,372,856 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/12/16 12:48:40 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\gStart.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 22:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 21:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/10/06 16:32:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/24 23:37:00 | 000,021,120 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 6C 9A D6 A4 64 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 08:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 08:26:12 | 000,000,000 | ---D | M]

[2010/10/05 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/05/05 19:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions
[2010/10/06 19:24:36 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/10/06 19:24:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 08:03:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\[email protected]
[2010/10/05 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\vdlxi2hx.default\extensions
[2011/02/09 11:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/09 11:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/07 08:26:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/09 11:52:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 08:26:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 08:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/07 08:26:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 08:26:09 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 08:26:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{DC3DB881-4AB1-42D7-8F68-894A5C5DBE8E}
[2011/05/11 22:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/11 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{46F118A5-FE09-4755-962F-1486174A9755}
[2011/05/11 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{5130224B-C3C4-466D-ADB1-8EBF051F372E}
[2011/05/11 07:22:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3657B556-2920-403D-8E79-A0AD6B7B1233}
[2011/05/10 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{E8800729-5F32-476C-990A-D1FD13446C2B}
[2011/05/10 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{477112F8-62FF-4348-8E41-44FC58DAD17B}
[2011/05/10 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BDEC5C6-5D27-435F-A5B0-07CC27D90012}
[2011/05/09 19:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{74546AA9-E76D-41B5-95BE-A8B58B8B04AE}
[2011/05/09 07:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B20116F6-E64A-4D8B-9D38-FF9F9247E037}
[2011/05/09 07:19:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{FBF9D596-D65A-49E9-B611-F40A1BE3C106}
[2011/05/08 19:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2F6B4742-6160-45D8-8A8F-3F507BD5F2EC}
[2011/05/08 19:18:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7848972A-696B-483D-8D64-213240816D28}
[2011/05/08 07:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A9A3F9E3-7D5B-454C-B471-19376CEF6B0D}
[2011/05/08 07:17:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A0EB3B9A-7B15-4228-9638-70AF331F5580}
[2011/05/07 19:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4DF57A76-9BAF-4DF2-A576-AF5BDA1B90A7}
[2011/05/07 19:16:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4DFFEDB3-5140-447E-93C1-9CF6141AC8CE}
[2011/05/07 07:16:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{53FD4A4A-1BE5-4E3A-8D25-02F951F7639C}
[2011/05/06 19:15:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{81BF9906-0D47-4BBE-A2B6-592077C8B5BC}
[2011/05/06 07:14:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7DAB9346-1DDD-43B1-9E73-6B77D708A00A}
[2011/05/06 07:14:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{CBC23173-E7D4-4F78-8219-8AACCD904262}
[2011/05/05 19:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2C2DC4B5-FFBA-4273-A6DC-02296E064BE0}
[2011/05/04 19:13:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{07FC3D5A-34A6-40B9-AF83-998C9D18A355}
[2011/05/04 07:12:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C5824046-3358-4446-B5CD-46BE512FFA9C}
[2011/05/04 07:11:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{EEAB2286-6F75-4D00-A6C1-2691EDC90235}
[2011/05/03 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BFBC8D9-A2B6-457B-8DED-767C6BB83021}
[2011/05/03 19:11:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D2C00F2A-354D-4E28-A6F2-5314CE062AD0}
[2011/05/03 07:10:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7954B59D-D47E-446D-A75E-88CF63A3C504}
[2011/05/03 07:10:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{DF0DAE6A-D97D-4FFB-83F4-1B9A572C1302}
[2011/05/02 19:09:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{210F4045-2B63-457D-AE94-52C0F4276A5B}
[2011/05/02 19:09:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{0189B2BE-2F45-4991-979B-D72FA41C2E7B}
[2011/05/02 07:08:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3D7E75D1-9E5A-42BB-BE47-96004D9204E1}
[2011/05/02 07:08:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7B05E32A-A0EA-40B6-853B-C102290CC430}
[2011/05/01 19:07:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{825E35DA-1AB7-4101-89F7-A05B934ABB96}
[2011/05/01 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{23091577-AE54-4332-8233-CDC5F5DE890E}
[2011/05/01 07:06:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D9FD19A4-AE6B-4578-A99C-499627201B71}
[2011/05/01 07:06:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8F9216B3-DE2E-4775-8F53-2F215343A377}
[2011/04/30 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7BAB2105-03BD-4A70-A043-02E2B87AFD01}
[2011/04/30 19:05:23 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{721B8310-60DE-4358-AFA2-3DFD12297E3F}
[2011/04/30 07:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3223DDA5-66E6-4D33-8624-4B82C7044C9A}
[2011/04/30 07:04:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7AF30599-1EFF-44B2-9DCF-47009ABE19DE}
[2011/04/29 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{35E4AAEA-248E-45EE-B38D-077526EFC372}
[2011/04/29 19:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D02AD7D2-D77B-4B84-9473-14B53C96B185}
[2011/04/29 07:02:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7A872C06-C51C-4A70-BD1D-3A69570C6F74}
[2011/04/29 07:02:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BDEC5F1-3C4A-4901-A2D3-DED6715E3394}
[2011/04/28 19:01:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C99747DF-A969-4B88-9596-CC201769CB2F}
[2011/04/28 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{21B5EBF6-7628-4322-9A94-E267377500D7}
[2011/04/28 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9F018CC1-56C5-4242-BA64-3FA2C6F99E4F}
[2011/04/27 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7F9C34EC-1675-41AD-860B-76348DAAF51D}
[2011/04/27 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C150568D-A826-49B4-BD79-9FB705AF0FBB}
[2011/04/27 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/27 19:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/27 19:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/26 22:29:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2DFEAAB3-F8F8-4F9D-9942-0DD8EEDB2188}
[2011/04/26 10:28:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{19124B29-DA46-4967-A2D6-ED3A4592F8BE}
[2011/04/25 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{230E8FC5-EF12-4BA9-872D-076008CD3154}
[2011/04/25 10:26:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3A0EB942-0052-4BA0-AF2F-864F59EA000A}
[2011/04/24 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9ABD8DB6-FE54-4D6E-A3FF-E2A250E7CC21}
[2011/04/23 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{EFE45CBE-81DF-430D-8404-866258889D4E}
[2011/04/22 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D7306BB8-71E0-4006-BDC1-E66AC0F8D896}
[2011/04/21 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4915F5F4-A9D3-4778-981A-4045D9B73155}
[2011/04/21 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{54CB1258-5902-4BFC-9769-5282A87AD840}
[2011/04/20 22:35:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C96AED7D-CF37-43CD-B721-18CD0263D785}
[2011/04/20 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{969CF98E-0CAA-420E-8BBA-E549723D6650}
[2011/04/19 22:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{1BFEE543-C7E5-4A2B-A0B2-7BFF3DF73E66}
[2011/04/19 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/04/19 15:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/04/19 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{E93F2DE5-D513-4701-86AB-53BC90F42CD7}
[2011/04/19 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A7EB0E17-FF45-4B2A-92B3-02488481CFDE}
[2011/04/18 22:31:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C51076E6-5D93-4176-BA31-A08234BDE62F}
[2011/04/18 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{96B76365-EFAD-475B-836F-0FB8046E7429}
[2011/04/18 10:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{49C2E1FA-4F1D-412D-90B5-00CAA1417728}
[2011/04/18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{14C87224-C97F-48DE-B318-6E896D0B0740}
[2011/04/17 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{136ACBA2-D463-46A7-BA63-878E82172646}
[2011/04/17 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{769BE8E8-CEEB-4D2E-A110-C9E30284928C}
[2011/04/17 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{728BDEBB-5CAF-4532-9BF6-5CE79C7BE644}
[2011/04/17 10:28:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{311E3B0F-2B8E-40A2-BF5D-02EDE345B39F}
[2011/04/16 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B52A4B13-1E7C-424D-BE94-5B7852CA5CD7}
[2011/04/16 22:27:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C67A0130-8523-4D5D-BE5F-EBE60EF35FF8}
[2011/04/16 10:27:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{48A223EC-D8EE-438C-9F86-23241B1AEE2C}
[2011/04/16 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{73EE01AE-9DFA-4DC2-AEC8-E015DA1072C4}
[2011/04/16 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{CE25A0D7-5455-42F0-A990-7D06762230B1}
[2011/04/15 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8664E6D1-8E1B-4421-977F-8F455F42C2FD}
[2011/04/14 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{1205C1E9-D208-42C1-9844-746A55518CEC}
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2 C:\Users\Mark\Documents\*.tmp files -> C:\Users\Mark\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 22:20:57 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 22:20:57 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 22:18:08 | 000,628,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/12 22:18:08 | 000,111,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/12 22:16:12 | 000,001,063 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/05/12 22:15:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 22:15:55 | 000,000,632 | RHS- | M] () -- C:\Users\Mark\ntuser.pol
[2011/05/12 22:14:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 22:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/05/12 22:13:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/12 22:13:21 | 2615,795,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/12 22:12:53 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/12 22:12:53 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/12 22:12:53 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/12 22:12:53 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/12 22:12:53 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/11 22:37:56 | 001,125,058 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/11 22:35:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/11 22:31:30 | 000,512,992 | ---- | M] () -- C:\Users\Mark\Desktop\sdsetup_revwire207.exe
[2011/05/11 19:27:27 | 000,002,002 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 19:31:13 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/21 15:30:56 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
[2011/04/19 15:25:13 | 000,001,255 | ---- | M] () -- C:\Users\Mark\Desktop\AVS4YOU Software Navigator.lnk
[2011/04/16 03:24:48 | 000,308,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Mark\Documents\*.tmp files -> C:\Users\Mark\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 22:37:38 | 001,125,058 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/11 22:35:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/11 22:32:38 | 000,512,992 | ---- | C] () -- C:\Users\Mark\Desktop\sdsetup_revwire207.exe
[2011/05/07 08:26:13 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 19:31:13 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/21 15:30:56 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
[2011/04/19 15:25:13 | 000,001,255 | ---- | C] () -- C:\Users\Mark\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/01 22:05:44 | 000,004,608 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 11:33:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,308,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,628,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,004 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll

========== LOP Check ==========

[2011/02/19 14:24:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AnvSoft
[2010/10/13 11:25:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/07 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Canon
[2010/10/13 12:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GARMIN
[2011/01/22 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Gygan
[2011/03/01 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\JawboneUpdater
[2010/10/07 21:11:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2011/02/23 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Samsung
[2010/10/13 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
[2009/07/14 05:53:46 | 000,012,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Edited by Mark_H, 12 May 2011 - 03:29 PM.

  • 0

#6
Mark_H

Mark_H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Extras.txt

OTL Extras logfile created on: 12/05/2011 22:20:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 82.48 Gb Free Space | 27.67% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Jawbone Updater" = Jawbone Updater
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Picasa 3" = Picasa 3
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/04/2011 18:32:12 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 10.2.1.1, time stamp:
0x4d756476 Faulting module name: QuickTime.qts, version: 7.69.80.9, time stamp:
0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x000e238a Faulting process id:
0x1da8 Faulting application start time: 0x01cbf4aa5d98a621 Faulting application path:
C:\Program Files\iTunes\iTunes.exe Faulting module path: C:\Program Files\QuickTime\QTSystem\QuickTime.qts
Report
Id: b70933fe-609d-11e0-8368-00123f6c405f

Error - 06/04/2011 22:45:08 | Computer Name = Mark-PC | Source = EventSystem | ID = 4622
Description =

Error - 15/04/2011 08:19:02 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jaucheck.exe, version: 2.0.2.4, time stamp:
0x4bed9a14 Faulting module name: jaucheck.exe, version: 2.0.2.4, time stamp: 0x4bed9a14
Exception
code: 0x40000015 Fault offset: 0x0001a110 Faulting process id: 0xdc4 Faulting application
start time: 0x01cbfb674d0d4e13 Faulting application path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Faulting module path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Report Id: 8c1add58-675a-11e0-b624-00123f6c405f

Error - 16/04/2011 10:36:55 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4095 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e4c Start
Time: 01cbfc3ec0220b48 Termination Time: 18 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: f3df0ad6-6836-11e0-a948-00123f6c405f

Error - 16/04/2011 12:53:08 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jaucheck.exe, version: 2.0.2.4, time stamp:
0x4bed9a14 Faulting module name: jaucheck.exe, version: 2.0.2.4, time stamp: 0x4bed9a14
Exception
code: 0x40000015 Fault offset: 0x0001a110 Faulting process id: 0x1f38 Faulting application
start time: 0x01cbfc56c258a556 Faulting application path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Faulting module path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Report Id: 00e34710-684a-11e0-a948-00123f6c405f

Error - 17/04/2011 15:10:52 | Computer Name = Mark-PC | Source = EventSystem | ID = 4622
Description =

Error - 17/04/2011 15:10:52 | Computer Name = Mark-PC | Source = EventSystem | ID = 4622
Description =

Error - 17/04/2011 15:10:52 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description =

Error - 23/04/2011 12:53:23 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jaucheck.exe, version: 2.0.2.4, time stamp:
0x4bed9a14 Faulting module name: jaucheck.exe, version: 2.0.2.4, time stamp: 0x4bed9a14
Exception
code: 0x40000015 Fault offset: 0x0001a110 Faulting process id: 0x25a0 Faulting application
start time: 0x01cc01d6f348bbd4 Faulting application path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Faulting module path: C:\Program Files\Common
Files\Java\Java Update\jaucheck.exe Report Id: 3305ee9b-6dca-11e0-a948-00123f6c405f

Error - 11/05/2011 14:37:05 | Computer Name = Mark-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 19/02/2011 08:52:38 | Computer Name = Mark-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address 88-87-17-14-37-77. Network operations
on this system may be disrupted as a result.

Error - 15/03/2011 06:38:33 | Computer Name = Mark-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address 88-87-17-14-37-77. Network operations
on this system may be disrupted as a result.

Error - 20/03/2011 13:56:26 | Computer Name = Mark-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 27/04/2011 14:51:44 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 11/05/2011 14:24:49 | Computer Name = Mark-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:23:02 on ?11/?05/?2011 was unexpected.

Error - 12/05/2011 14:38:10 | Computer Name = Mark-PC | Source = DCOM | ID = 10010
Description =

Error - 12/05/2011 14:38:30 | Computer Name = Mark-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2529073).

Error - 12/05/2011 14:45:22 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/05/2011 14:48:19 | Computer Name = Mark-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2534366).

Error - 12/05/2011 17:17:36 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Edited by Mark_H, 12 May 2011 - 03:31 PM.

  • 0

#7
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Let's now remove a few files with OTL that were present in those logs. Once this has been done, we'll do a scan with MBAM to scan for any remaining traces :)



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/01/29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    
    :Services
    
    :Reg
    
    :Files
    c:\users\jane\appdata\local\temp\setup3462074528.exe
    C:\WINDOWS\tasks\7e5fce8.job
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




3)

Can you let me know if you are still having warnings that you are infected with Win32/Fakeyak?




In your next reply
Please post the contents of...
OTL log
MBAM log

  • 0
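The five files queued for removal in the :OTL section above were picked out of the "Files Created - No Company Name" listing because they are unsigned binaries dropped into C:\Windows and System32 within the same couple of seconds. The following is an added example (not part of this thread and not OTL's own code) of a small parser for that OTL line format which automates that triage: it keeps only no-company executables under C:\Windows and groups them by creation time. The sample lines are copied from the logs above, plus one constructed Microsoft-signed line and one directory line to show they are skipped; the signed file name is a placeholder.

```python
"""Triage helper for OTL 'Files Created - No Company Name' listings.

Added example, not part of the thread or of OTL. Parses the OTL line format
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
and flags clusters of unsigned executables dropped into C:\\Windows within a
short time window, which is how candidates for an :OTL fix are chosen.
"""
import re
from datetime import datetime

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\",)          # covers System32 and drivers too
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_line(line):
    """Return a dict for one OTL file/directory line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],                        # C = created, M = modified
        "company": (m["company"] or "").strip(),  # "()" and "( )" both mean none
        "path": m["path"],
        "is_dir": "D" in m["attrs"],
    }


def find_drop_clusters(log_text, window_seconds=60, min_count=2):
    """Group unsigned executables under C:\\Windows whose creation times are
    within window_seconds of each other; return each group of >= min_count paths."""
    suspects = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None or e["is_dir"] or e["company"]:
            continue
        low = e["path"].lower()
        if not low.startswith(SYSTEM_DIRS) or not low.endswith(EXEC_EXT):
            continue
        suspects.append(e)
    suspects.sort(key=lambda e: e["ts"])  # stable: keeps log order for equal times
    clusters, current = [], []
    for e in suspects:
        if current and (e["ts"] - current[-1]["ts"]).total_seconds() > window_seconds:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return [[e["path"] for e in c] for c in clusters if len(c) >= min_count]


# Constructed sample: lines from the OTL logs in this thread, plus one
# constructed Microsoft-signed line (placeholder name) and one directory line.
SAMPLE_LOG = r"""
[2011/05/11 22:32:38 | 000,512,992 | ---- | C] () -- C:\Users\Mark\Desktop\sdsetup_revwire207.exe
[2011/04/16 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{CE25A0D7-5455-42F0-A990-7D06762230B1}
[2011/01/29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2011/04/09 12:00:00 | 000,100,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\example_signed.dll
"""

if __name__ == "__main__":
    for group in find_drop_clusters(SAMPLE_LOG):
        print("dropped together:")
        for p in group:
            print("   ", p)
```

With the default 60-second window only the 2011/01/29 group is reported; the two 2007 Creative files are 13 minutes apart and are left alone, which is why the window and the company-name filter matter before anything goes into a fix script.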

#8
Mark_H

Mark_H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I shut the pc down when not in use to prevent further infection etc. Unfortunately I cannot seem to reboot windows again. Gets to the point of "starting Windows" then a blank screen with the mouse in the middle, and it won't get any further. I have tried "safe mode" and "safe Mode with Networking" with no luck...!

Any suggestions?

Mark
  • 0

#9
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hopefully we will be able to get round this by using Last Known Good Config. Try the method below and let me know if you can now boot into Windows.


  • Switch your PC on, then immediately start tapping the F8 key
  • Keep pressing it until you are shown a list of options which include Safe Mode, Safe Mode with Networking etc...
  • Use the arrow keys on the keyboard and highlight Last Known Good Configuration
  • Now press Enter
  • The PC should now resume booting and hopefully boot into Windows as usual

  • 0

#10
Mark_H

Mark_H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Excellent - that worked.

I won't shut the pc down unless you say so.

Now looking at your previous post you want me to run OTL with the script - that also means rebooting the pc.

Do you still want me to do that?


Also Java is trying to install an update - says it is Sun. At the moment I am not allowing anything to run, or should I let it update..?

Edited by Mark_H, 13 May 2011 - 02:30 PM.

  • 0


#11
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Yes, if you could now run the OTL script and MBAM please. It will indeed reboot, but you should be OK now. If it doesn't boot again, using the Last Known Good Config should bring it back :)

I would leave the Java update for now, as we will run updates for Java and Flash once we know everything is good.
  • 0

#12
Mark_H

Mark_H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Rebooted fine - this was the result of the "run fix"

Will post result of quick scan once complete...


All processes killed
========== OTL ==========
C:\Windows\MusiccityDownload.exe moved successfully.
C:\Windows\System32\cis-2.4.dll moved successfully.
C:\Windows\System32\issacapi_bs-2.3.dll moved successfully.
C:\Windows\System32\issacapi_pe-2.3.dll moved successfully.
C:\Windows\System32\issacapi_se-2.3.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\jane\appdata\local\temp\setup3462074528.exe moved successfully.
File\Folder C:\WINDOWS\tasks\7e5fce8.job not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mark\Downloads\cmd.bat deleted successfully.
C:\Users\Mark\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Ben
->Temp folder emptied: 4653908 bytes
->Temporary Internet Files folder emptied: 24188413 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67687278 bytes
->Google Chrome cache emptied: 6265165 bytes
->Flash cache emptied: 25238 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jane
->Temp folder emptied: 80372596 bytes
->Temporary Internet Files folder emptied: 29484115 bytes
->Java cache emptied: 10299 bytes
->FireFox cache emptied: 300874296 bytes
->Flash cache emptied: 105389 bytes

User: Mark
->Temp folder emptied: 599869574 bytes
->Temporary Internet Files folder emptied: 639729360 bytes
->Java cache emptied: 39025 bytes
->FireFox cache emptied: 73435323 bytes
->Google Chrome cache emptied: 23833001 bytes
->Flash cache emptied: 143574 bytes

User: Olivia
->Temp folder emptied: 1442122 bytes
->Temporary Internet Files folder emptied: 33133041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59812239 bytes
->Flash cache emptied: 3637 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15798714 bytes
RecycleBin emptied: 15130868662 bytes

Total Files Cleaned = 16,300.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Ben
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jane
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Olivia
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05132011_220224

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Mark_H, 13 May 2011 - 03:20 PM.

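The fix log above reports the HOSTS file moved and reset, and the follow-up scan lists only the two localhost entries, which is what a clean Windows 7 hosts file looks like. Rogue AV families commonly rewrite this file to blackhole update and security-vendor domains (so the real scanner can never fetch definitions) or to redirect real sites, so it is worth being able to check it by hand rather than trusting a tool's "reset successfully" line. The following is an added example, not code from this thread or from OTL, that parses a hosts file and reports anything that is not a plain localhost mapping. The sample hosts content and the watch-list of update/security domains are constructed for the demo, not taken from this machine:

```python
"""Audit a Windows hosts file for entries typical of rogue-AV tampering.

Added example; not code from the original thread or from OTL. The sample
hosts content and the watch-list domains are constructed for the demo.
"""
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "line reason names hits_watchlist")

# Names that legitimately point at loopback in a stock Windows hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumed watch-list: update/security domains rogue AV likes to blackhole so
# the real scanner can never fetch definitions. Extend for your environment.
WATCH_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com",
                  "mcafee.com", "malwarebytes.org")


def parse_hosts(text):
    """Return [(line_no, ip_or_None, [names])] for each effective entry.

    Comments (#...) and blank lines are dropped; a line whose first token is
    not a valid address is kept with ip=None so it still gets reported.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            ip = None
        entries.append((n, ip, [p.lower() for p in parts[1:]]))
    return entries


def on_watchlist(name):
    """True if name is a watch-list domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCH_SUFFIXES)


def audit_hosts(text):
    """Return Findings for every entry that is not a plain localhost mapping."""
    findings = []
    for n, ip, names in parse_hosts(text):
        watched = any(on_watchlist(h) for h in names)
        if ip is None:
            findings.append(Finding(n, "unparseable address", names, watched))
        elif ip.is_loopback or ip.is_unspecified:
            # 127.x / ::1 / 0.0.0.0 for anything but localhost = blackholed name
            odd = [h for h in names if h not in LOOPBACK_NAMES]
            if odd:
                findings.append(Finding(n, "blackholed", odd, watched))
        else:
            # A real address here overrides DNS for that name: a phishing or
            # credential-theft redirect unless you put it there yourself.
            findings.append(Finding(n, "redirected to %s" % ip, names, watched))
    return findings


# Constructed sample, not the hosts file from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.microsoft.com
127.0.0.1   update.microsoft.com   # appended by an installer
0.0.0.0     liveupdate.symantec.com
203.0.113.5 www.example.com
not-an-ip   example.org
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        flag = " [watch-list]" if f.hits_watchlist else ""
        print("line %d: %s -> %s%s" % (f.line, f.reason, ", ".join(f.names), flag))
```

To use it on a live machine, read C:\Windows\System32\drivers\etc\hosts as plain text and pass the contents to audit_hosts(). Two caveats: the location of the file is itself configurable through HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath, so on a tampered machine check that value before trusting the default path, and a "redirected" finding is only suspicious relative to what the owner put there (printers, test servers), so treat those as items to confirm rather than verdicts.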

#13
Mark_H (Member, Topic Starter, 35 posts)
OTL logfile created on: 13/05/2011 22:16:53 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 97.77 Gb Free Space | 32.80% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 22:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2011/05/07 08:26:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/30 00:11:36 | 003,372,856 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/12/16 12:48:40 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/11/24 21:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\gStart.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 22:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 21:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/10/06 16:32:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/24 23:37:00 | 000,021,120 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 6C 9A D6 A4 64 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 08:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 08:26:12 | 000,000,000 | ---D | M]

[2010/10/05 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/05/05 19:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions
[2010/10/06 19:24:36 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/10/06 19:24:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 08:03:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\umh1a8q7.default\extensions\[email protected]
[2010/10/05 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\vdlxi2hx.default\extensions
[2011/02/09 11:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/09 11:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/07 08:26:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/09 11:52:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 08:26:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 08:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/07 08:26:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 08:26:09 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 08:26:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/13 22:02:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 22:02:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/13 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{634B3EA2-382F-47EB-B8E7-B3EF7E93A576}
[2011/05/12 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{DC3DB881-4AB1-42D7-8F68-894A5C5DBE8E}
[2011/05/11 22:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/11 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{46F118A5-FE09-4755-962F-1486174A9755}
[2011/05/11 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{5130224B-C3C4-466D-ADB1-8EBF051F372E}
[2011/05/11 07:22:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3657B556-2920-403D-8E79-A0AD6B7B1233}
[2011/05/10 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{E8800729-5F32-476C-990A-D1FD13446C2B}
[2011/05/10 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{477112F8-62FF-4348-8E41-44FC58DAD17B}
[2011/05/10 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BDEC5C6-5D27-435F-A5B0-07CC27D90012}
[2011/05/09 19:20:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{74546AA9-E76D-41B5-95BE-A8B58B8B04AE}
[2011/05/09 07:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B20116F6-E64A-4D8B-9D38-FF9F9247E037}
[2011/05/09 07:19:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{FBF9D596-D65A-49E9-B611-F40A1BE3C106}
[2011/05/08 19:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2F6B4742-6160-45D8-8A8F-3F507BD5F2EC}
[2011/05/08 19:18:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7848972A-696B-483D-8D64-213240816D28}
[2011/05/08 07:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A9A3F9E3-7D5B-454C-B471-19376CEF6B0D}
[2011/05/08 07:17:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A0EB3B9A-7B15-4228-9638-70AF331F5580}
[2011/05/07 19:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4DF57A76-9BAF-4DF2-A576-AF5BDA1B90A7}
[2011/05/07 19:16:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4DFFEDB3-5140-447E-93C1-9CF6141AC8CE}
[2011/05/07 07:16:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{53FD4A4A-1BE5-4E3A-8D25-02F951F7639C}
[2011/05/06 19:15:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{81BF9906-0D47-4BBE-A2B6-592077C8B5BC}
[2011/05/06 07:14:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7DAB9346-1DDD-43B1-9E73-6B77D708A00A}
[2011/05/06 07:14:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{CBC23173-E7D4-4F78-8219-8AACCD904262}
[2011/05/05 19:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2C2DC4B5-FFBA-4273-A6DC-02296E064BE0}
[2011/05/04 19:13:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{07FC3D5A-34A6-40B9-AF83-998C9D18A355}
[2011/05/04 07:12:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C5824046-3358-4446-B5CD-46BE512FFA9C}
[2011/05/04 07:11:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{EEAB2286-6F75-4D00-A6C1-2691EDC90235}
[2011/05/03 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BFBC8D9-A2B6-457B-8DED-767C6BB83021}
[2011/05/03 19:11:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D2C00F2A-354D-4E28-A6F2-5314CE062AD0}
[2011/05/03 07:10:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7954B59D-D47E-446D-A75E-88CF63A3C504}
[2011/05/03 07:10:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{DF0DAE6A-D97D-4FFB-83F4-1B9A572C1302}
[2011/05/02 19:09:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{210F4045-2B63-457D-AE94-52C0F4276A5B}
[2011/05/02 19:09:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{0189B2BE-2F45-4991-979B-D72FA41C2E7B}
[2011/05/02 07:08:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3D7E75D1-9E5A-42BB-BE47-96004D9204E1}
[2011/05/02 07:08:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7B05E32A-A0EA-40B6-853B-C102290CC430}
[2011/05/01 19:07:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{825E35DA-1AB7-4101-89F7-A05B934ABB96}
[2011/05/01 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{23091577-AE54-4332-8233-CDC5F5DE890E}
[2011/05/01 07:06:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D9FD19A4-AE6B-4578-A99C-499627201B71}
[2011/05/01 07:06:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8F9216B3-DE2E-4775-8F53-2F215343A377}
[2011/04/30 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7BAB2105-03BD-4A70-A043-02E2B87AFD01}
[2011/04/30 19:05:23 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{721B8310-60DE-4358-AFA2-3DFD12297E3F}
[2011/04/30 07:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3223DDA5-66E6-4D33-8624-4B82C7044C9A}
[2011/04/30 07:04:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7AF30599-1EFF-44B2-9DCF-47009ABE19DE}
[2011/04/29 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{35E4AAEA-248E-45EE-B38D-077526EFC372}
[2011/04/29 19:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D02AD7D2-D77B-4B84-9473-14B53C96B185}
[2011/04/29 07:02:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7A872C06-C51C-4A70-BD1D-3A69570C6F74}
[2011/04/29 07:02:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8BDEC5F1-3C4A-4901-A2D3-DED6715E3394}
[2011/04/28 19:01:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C99747DF-A969-4B88-9596-CC201769CB2F}
[2011/04/28 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{21B5EBF6-7628-4322-9A94-E267377500D7}
[2011/04/28 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9F018CC1-56C5-4242-BA64-3FA2C6F99E4F}
[2011/04/27 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{7F9C34EC-1675-41AD-860B-76348DAAF51D}
[2011/04/27 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C150568D-A826-49B4-BD79-9FB705AF0FBB}
[2011/04/27 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/27 19:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/27 19:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/26 22:29:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{2DFEAAB3-F8F8-4F9D-9942-0DD8EEDB2188}
[2011/04/26 10:28:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{19124B29-DA46-4967-A2D6-ED3A4592F8BE}
[2011/04/25 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{230E8FC5-EF12-4BA9-872D-076008CD3154}
[2011/04/25 10:26:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{3A0EB942-0052-4BA0-AF2F-864F59EA000A}
[2011/04/24 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9ABD8DB6-FE54-4D6E-A3FF-E2A250E7CC21}
[2011/04/23 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{EFE45CBE-81DF-430D-8404-866258889D4E}
[2011/04/22 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{D7306BB8-71E0-4006-BDC1-E66AC0F8D896}
[2011/04/21 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{4915F5F4-A9D3-4778-981A-4045D9B73155}
[2011/04/21 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{54CB1258-5902-4BFC-9769-5282A87AD840}
[2011/04/20 22:35:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C96AED7D-CF37-43CD-B721-18CD0263D785}
[2011/04/20 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{969CF98E-0CAA-420E-8BBA-E549723D6650}
[2011/04/19 22:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{1BFEE543-C7E5-4A2B-A0B2-7BFF3DF73E66}
[2011/04/19 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/04/19 15:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/04/19 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{E93F2DE5-D513-4701-86AB-53BC90F42CD7}
[2011/04/19 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{A7EB0E17-FF45-4B2A-92B3-02488481CFDE}
[2011/04/18 22:31:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C51076E6-5D93-4176-BA31-A08234BDE62F}
[2011/04/18 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{96B76365-EFAD-475B-836F-0FB8046E7429}
[2011/04/18 10:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{49C2E1FA-4F1D-412D-90B5-00CAA1417728}
[2011/04/18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{14C87224-C97F-48DE-B318-6E896D0B0740}
[2011/04/17 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{136ACBA2-D463-46A7-BA63-878E82172646}
[2011/04/17 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{769BE8E8-CEEB-4D2E-A110-C9E30284928C}
[2011/04/17 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{728BDEBB-5CAF-4532-9BF6-5CE79C7BE644}
[2011/04/17 10:28:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{311E3B0F-2B8E-40A2-BF5D-02EDE345B39F}
[2011/04/16 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B52A4B13-1E7C-424D-BE94-5B7852CA5CD7}
[2011/04/16 22:27:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C67A0130-8523-4D5D-BE5F-EBE60EF35FF8}
[2011/04/16 10:27:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{48A223EC-D8EE-438C-9F86-23241B1AEE2C}
[2011/04/16 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{73EE01AE-9DFA-4DC2-AEC8-E015DA1072C4}
[2011/04/16 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{CE25A0D7-5455-42F0-A990-7D06762230B1}
[2011/04/15 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8664E6D1-8E1B-4421-977F-8F455F42C2FD}
[2011/04/14 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{1205C1E9-D208-42C1-9844-746A55518CEC}
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2 C:\Users\Mark\Documents\*.tmp files -> C:\Users\Mark\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 22:19:52 | 000,628,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/13 22:19:52 | 000,111,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/13 22:15:25 | 000,001,063 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/05/13 22:14:15 | 000,000,632 | RHS- | M] () -- C:\Users\Mark\ntuser.pol
[2011/05/13 22:14:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 22:14:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/05/13 22:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/13 22:13:54 | 2615,795,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 22:13:25 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/13 22:13:25 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/13 22:13:25 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/13 22:13:25 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/13 22:13:25 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/05/13 22:02:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/13 21:31:01 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 21:31:01 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 22:14:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 22:37:56 | 001,125,058 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/11 22:35:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/11 22:31:30 | 000,512,992 | ---- | M] () -- C:\Users\Mark\Desktop\sdsetup_revwire207.exe
[2011/05/11 19:27:27 | 000,002,002 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 19:31:13 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/21 15:30:56 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
[2011/04/19 15:25:13 | 000,001,255 | ---- | M] () -- C:\Users\Mark\Desktop\AVS4YOU Software Navigator.lnk
[2011/04/16 03:24:48 | 000,308,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Mark\Documents\*.tmp files -> C:\Users\Mark\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 22:37:38 | 001,125,058 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/11 22:35:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/11 22:32:38 | 000,512,992 | ---- | C] () -- C:\Users\Mark\Desktop\sdsetup_revwire207.exe
[2011/05/07 08:26:13 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 19:31:13 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/21 15:30:56 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Sonos Desktop Controller.lnk
[2011/04/19 15:25:13 | 000,001,255 | ---- | C] () -- C:\Users\Mark\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/01 22:05:44 | 000,004,608 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 11:33:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,308,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,628,634 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,004 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll

========== LOP Check ==========

[2011/02/19 14:24:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AnvSoft
[2010/10/13 11:25:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/07 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Canon
[2010/10/13 12:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GARMIN
[2011/01/22 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Gygan
[2011/03/01 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\JawboneUpdater
[2010/10/07 21:11:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2011/02/23 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Samsung
[2010/10/13 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
[2009/07/14 05:53:46 | 000,012,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#14
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Your OTL log looks good now :)

Just post the MBAM log when you have it, then if you could let me know if you are still having any problems with the Win32/Fakeyak warnings.
  • 0

#15
Mark_H

Mark_H

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
What's an MBAM Log?

Also, what AV/Anti-Malware protection would YOU recommend?

Thanks again for your assistance! :)

Mark
  • 0
