Every webpage starts ad for ilivid please help



#1
paddiperson

Hi, every time I start a webpage I get ads for ilivid as a popup. I have Norton as a virus protection and have tried Malwarebytes but have had no luck. I am a complete laptop program novice. My system is also running much slower than it used to. Please help.



OTL logfile created on: 8/11/2012 4:01:44 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\james\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.29% Memory free
3.73 Gb Paging File | 2.04 Gb Available in Paging File | 54.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 20.43 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 154.97 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/11 16:01:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\james\Downloads\OTL.exe
PRC - [2012/08/03 01:17:22 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/18 07:51:30 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/29 11:11:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/12 18:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/12 20:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 01:17:21 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 07:51:29 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/12 18:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/03 01:17:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 07:51:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/28 08:21:27 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 07:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 07:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 07:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 07:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 07:03:27 | 000,737,912 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 07:03:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 23:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/18 13:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/12/28 07:16:45 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/12 03:05:35 | 000,558,080 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SISGRKMD.sys -- (SiS6350)
DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009/09/19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009/08/20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 04:44:19 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/01 09:08:25 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/08/11 10:55:44 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120810.035\ex64.sys -- (NAVEX15)
DRV - [2012/08/11 10:55:44 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120810.035\eng64.sys -- (NAVENG)
DRV - [2012/08/09 04:13:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 04:13:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/07/27 07:37:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120810.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/07/11 01:00:46 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/08 10:27:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-70E6ECE3B735}
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074f06d8bd83b
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...il&geo=GB&ver=5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.babylo...4f06d8bd83b&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\james\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/28 10:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/08/05 01:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:51:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/14 08:46:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:51:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/14 08:46:30 | 000,000,000 | ---D | M]

[2010/09/23 07:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Extensions
[2012/07/18 08:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions
[2012/07/17 01:09:49 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/15 11:55:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]
[2012/03/27 09:46:07 | 000,001,210 | ---- | M] () -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\searchplugins\search.xml
[2011/12/04 18:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/28 10:25:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPLGN
[2012/07/18 07:51:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/17 17:43:50 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/17 16:58:15 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/17 17:43:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 17:43:50 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/17 17:43:50 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/17 17:43:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/17 17:43:50 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/27 11:59:44 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\james\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Fishdom/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Fishdom/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4513BC-3AEC-4197-B57F-AEAEFB4666E3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Malwarebytes
[2012/08/09 18:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 18:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 18:26:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 18:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/09 09:42:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EAB12330-A881-4520-ABF1-A5C94B72B20E}
[2012/08/09 09:42:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7FCE2094-B5B3-4350-AF37-2DA122283CDD}
[2012/08/08 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F368B4E9-D8A4-4AC3-A11C-E386020D6A61}
[2012/08/08 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9C85C851-B68C-4CD4-9D53-24F101A13C85}
[2012/08/08 09:40:44 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{E163F308-771B-4683-890F-C97E698C1DF3}
[2012/08/08 09:40:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D6F3C027-3540-4CB9-A6AB-7075207C9C52}
[2012/08/07 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6D4B84F6-760B-4034-8DDD-841B52F33753}
[2012/08/07 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0BE29FD6-055B-4DA3-91EE-199B66D26A83}
[2012/08/07 09:39:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{13FFFC0F-0745-4C3A-832C-BF64E42D29E1}
[2012/08/07 09:39:29 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A6CDBA2B-6191-43FD-81BA-17584DA4D0E6}
[2012/08/06 21:38:47 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D49EC34F-AE22-41B5-94AD-683421114ACB}
[2012/08/06 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F2E33C8A-BCF8-4470-AA8B-DC08D6C28D14}
[2012/08/06 09:38:11 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C23F39E8-3163-481D-A497-56DC9FE4F6F7}
[2012/08/06 09:38:00 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EFF0B982-85ED-4545-9169-47DE554C5776}
[2012/08/05 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{28BB13FE-5D74-4B2A-AE4C-E63FBD9CCF61}
[2012/08/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9E17497E-6AE3-4B35-B8D5-77D44291461B}
[2012/08/05 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{E14C47BC-2525-4AA5-B381-38A8A8D9EE41}
[2012/08/05 09:36:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4A2FD1DC-1072-492B-9E15-BC0CF1FA9C1F}
[2012/08/04 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Facebook
[2012/08/04 21:35:40 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{083C9DDB-4711-4C95-9481-D1E52CB0D8D8}
[2012/08/04 21:35:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8B0401AA-AD36-438F-8600-A014F87254E4}
[2012/08/04 09:35:12 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0E16C8B8-480E-4970-A8DC-A21EEB3A11FB}
[2012/08/04 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7369E6B3-4ABF-40DA-9BDD-72BE7C772675}
[2012/08/03 21:34:36 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{5BF5C2D4-9F82-44CC-BC1F-719A75CB40C6}
[2012/08/03 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C510A9FB-FCCA-4695-B859-081B88ECBDCD}
[2012/08/03 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{CB522177-F641-460D-A7BF-60C0F9E32DFE}
[2012/08/03 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D9A7D87C-6224-4C3D-94C9-1A8812B80909}
[2012/08/02 21:33:26 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F5AD3D82-90AB-4E2F-A39E-860ADF5F2909}
[2012/08/02 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{14771856-D37C-4328-A908-079B28F29414}
[2012/08/02 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6E7611DF-1E15-4A2B-A399-2056D3AB72F0}
[2012/08/02 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EE2E073D-64C7-418B-96BD-87FDC14209E7}
[2012/08/01 15:05:39 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{630A5F21-2154-4427-9153-94799369A877}
[2012/08/01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9D0E4C84-1679-4541-99A8-024B1AD9614C}
[2012/07/31 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{44463863-CBED-4D2B-80D1-EE4E477337B2}
[2012/07/31 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C308419B-2B34-4119-902C-CBF9F846D1B7}
[2012/07/31 10:32:41 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8D3FE256-0841-4FF6-934A-320E9632EB21}
[2012/07/31 10:32:28 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{10CC1B8F-547E-4646-BB53-37143B3B9B98}
[2012/07/30 22:31:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0259F957-DCD9-45B6-AC6B-8B0E3152C4F5}
[2012/07/30 22:31:39 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{CC7C93E9-BABF-467E-8610-2BFD05D35B10}
[2012/07/30 10:31:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{29532B9E-0C5A-4F67-9E03-11F55034973F}
[2012/07/30 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C23E5352-054A-43A4-A0A2-0126FC34B46D}
[2012/07/29 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{34503E90-7605-4B28-85C0-95194E197E73}
[2012/07/29 22:30:30 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4968C147-B17C-4EFE-ADB2-2378E27B3244}
[2012/07/29 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{49580636-CA53-478D-B71E-DBA3B89037BA}
[2012/07/29 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{78251059-991F-420A-9C97-E6ACA65195E0}
[2012/07/28 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{58C5822C-C19E-41E5-9265-8CEBC2173FAA}
[2012/07/28 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4A07AD05-AEF9-42FC-B5BF-B47BA337D979}
[2012/07/28 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8B8BEA5A-31D3-4390-AE57-396D30701CAE}
[2012/07/28 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{FD037629-F33C-43BF-8DB3-20049C574E18}
[2012/07/27 18:02:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6AE07A41-8161-4BF0-8815-9E1D30878596}
[2012/07/27 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F3A54186-D1C4-4AE4-89ED-6FF24D5BCAF2}
[2012/07/20 14:18:47 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A12B0BE8-06CE-4076-97E6-FBE9EA205411}
[2012/07/20 02:18:16 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{BEF6B28B-2204-4413-A5A0-EC6F6E0AD758}
[2012/07/20 02:18:05 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EF1E6536-DEB4-42E9-A041-434E9DAF5D1A}
[2012/07/19 14:17:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7A2E1125-3205-4897-AFAD-41DDAA91103C}
[2012/07/19 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{89FE9700-1337-486B-BEE6-2317951DCCB6}
[2012/07/18 16:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/07/18 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sys
[2012/07/18 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
[2012/07/18 10:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Pos Pro
[2012/07/18 07:48:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0F62630D-195B-41D3-8E6C-7E0876FC0C39}
[2012/07/18 07:47:56 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{56C79180-51E6-4EBA-9F28-EEE1DA35D9A0}
[2012/07/17 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\FrmMain
[2012/07/17 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pos Free Photo Editor
[2012/07/17 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thraex Software
[2012/07/17 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pos Free Photo Editor
[2012/07/17 16:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/17 16:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/17 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Fly Free Photo Editing & Viewer
[2012/07/17 16:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\5DFly Software Team
[2012/07/17 16:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\5DFly Software
[2012/07/17 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\Download
[2012/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Wondershare DVD Slideshow Builder Deluxe
[2012/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2012/07/17 11:20:45 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Wondershare
[2012/07/17 11:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/07/17 11:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/07/17 03:50:14 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F6B1A3D1-80A9-4CBC-B0F5-07FFD16F11AF}
[2012/07/17 03:50:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{166F681A-2093-4388-A9E0-35C04C65F30D}
[2012/07/16 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6363A747-58ED-4BCD-900B-C6E60ED9E6C2}
[2012/07/16 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{FE3358F4-95B7-4DF1-8000-34B992055B98}
[2012/07/16 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C6B29A10-BE5C-4849-B365-261D392D6023}
[2012/07/16 03:48:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D0FB1BDD-E918-4EFD-AB7B-5688FDD26903}
[2012/07/15 15:47:52 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{923D5807-CE11-4F6A-ABB8-E23F859BAB09}
[2012/07/15 15:47:07 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F253AEF5-E570-4F82-B544-DF52023BDF28}
[2012/07/14 07:51:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{2EFD0B00-E649-4AE7-AA21-A511994E9F04}
[2012/07/14 07:50:58 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D8759686-3D92-418A-B7F8-1EB7657249D8}
[2012/07/13 19:50:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{40A3B864-F1A5-4C95-88EA-68DAD586988B}
[2012/07/13 19:50:31 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{BB3D4316-6795-4A54-A5D3-2FC39C1EF475}
[2012/07/13 07:49:22 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{E972E21C-C5E9-4D16-8C80-1F543DD1BC68}
[2012/07/13 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6D9055DC-DE7A-4D2A-A38A-4E236B482284}

========== Files - Modified Within 30 Days ==========

[2012/08/11 16:11:27 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000UA.job
[2012/08/11 15:47:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/11 15:17:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 15:07:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/11 02:47:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 22:42:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000Core.job
[2012/08/09 18:27:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 01:08:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 01:08:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 00:59:16 | 1503,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 20:09:08 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/07/28 13:25:10 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
[2012/07/28 10:22:51 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/07/28 10:22:14 | 002,211,179 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012/07/28 08:21:27 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/07/28 08:21:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/07/28 08:21:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/07/18 16:08:50 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/18 10:53:39 | 000,212,878 | ---- | M] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2012/07/18 10:53:18 | 000,001,973 | ---- | M] () -- C:\Users\james\Desktop\Photo Pos Pro.lnk
[2012/07/18 08:14:58 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 07:57:19 | 000,001,970 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/18 07:57:13 | 000,001,264 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/18 07:51:39 | 000,002,046 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 07:45:24 | 000,001,439 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/17 17:30:17 | 000,123,412 | ---- | M] () -- C:\Windows\Pos Free Photo Editor Uninstaller.exe
[2012/07/17 17:29:42 | 000,001,150 | ---- | M] () -- C:\Users\james\Desktop\Pos Free Photo Editor.lnk
[2012/07/17 17:00:08 | 000,000,247 | ---- | M] () -- C:\user.js
[2012/07/17 16:13:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/17 16:13:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/08/09 18:27:02 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 20:09:07 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe
[2012/07/18 16:08:50 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/18 10:53:39 | 000,212,878 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2012/07/18 10:53:16 | 000,001,973 | ---- | C] () -- C:\Users\james\Desktop\Photo Pos Pro.lnk
[2012/07/17 17:30:17 | 000,123,412 | ---- | C] () -- C:\Windows\Pos Free Photo Editor Uninstaller.exe
[2012/07/17 17:29:41 | 000,001,150 | ---- | C] () -- C:\Users\james\Desktop\Pos Free Photo Editor.lnk
[2012/07/17 16:59:42 | 000,000,247 | ---- | C] () -- C:\user.js
[2012/07/17 16:13:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/17 16:13:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/27 09:45:23 | 000,000,288 | ---- | C] () -- C:\Users\james\AppData\Roaming\48A9BD50.reg
[2012/01/25 20:05:27 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2011/12/19 08:43:08 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{C90C1AC1-9633-4AD6-86E7-E03B631A8190}
[2011/12/16 08:12:59 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{022E2C07-2E39-458C-8936-3CF90D494E48}
[2011/12/14 08:41:26 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/30 06:41:06 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{3F6EC839-54E9-405C-B248-FB9111464BE5}
[2011/09/29 16:24:58 | 000,000,093 | ---- | C] () -- C:\Users\james\AppData\Local\fusioncache.dat
[2011/08/10 15:02:22 | 000,007,625 | ---- | C] () -- C:\Users\james\AppData\Roaming\.freeciv-client-rc-2.3
[2011/05/23 18:21:45 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{0D011A05-BFAB-4C38-95EE-4D9E797C8E27}
[2011/05/17 19:14:22 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{F966573A-A6C7-46E8-9B8A-C57A6229781D}
[2010/10/02 10:40:58 | 000,007,604 | ---- | C] () -- C:\Users\james\AppData\Local\Resmon.ResmonCfg
[2010/09/27 16:54:35 | 000,779,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\Users\james\jagex__preferences3.dat
[2010/09/22 19:46:33 | 000,000,129 | ---- | C] () -- C:\Users\james\jagex_runescape_preferences2.dat
[2010/09/22 19:45:18 | 000,000,046 | ---- | C] () -- C:\Users\james\jagex_runescape_preferences.dat
[2010/09/22 14:17:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/07/29 10:51:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/08/25 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\.freeciv
[2010/09/22 03:07:05 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Asus WebStorage
[2011/01/16 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\AVG10
[2010/10/19 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Firaxis Games
[2012/07/17 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Fly Free Photo Editing & Viewer
[2012/07/18 10:54:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\FrmMain
[2011/09/30 07:59:14 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\My Games
[2012/06/21 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\PandoraRecovery
[2011/04/25 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Radialpoint
[2012/08/01 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SoftGrid Client
[2010/11/08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SpinTop
[2010/09/27 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TP
[2012/08/09 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\uTorrent
[2012/03/29 20:51:57 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Virgin Media
[2011/07/03 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Windows Live Writer
[2012/08/10 22:42:10 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000Core.job
[2012/08/11 16:11:27 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000UA.job
[2012/06/27 19:49:52 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3E16E7A6

< End of report >

#2
paddiperson

    New Member

  • Topic Starter
  • Member
  • 6 posts
Sorry, missed the extras bit. Here it is:

OTL Extras logfile created on: 8/11/2012 4:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\james\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.29% Memory free
3.73 Gb Paging File | 2.04 Gb Available in Paging File | 54.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 20.43 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 154.97 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{228D5F6B-82CA-4B1A-ABC9-8CDCF68740AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{28527102-13EB-4F51-8F2D-B83D3112DA9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B7E855A-68F9-4F8D-9373-E316F0723B6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3017B1E7-A4A2-4EF3-86DC-204D94BA8683}" = lport=445 | protocol=6 | dir=in | app=system |
"{325D5A68-05B8-4F56-A747-113798156838}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39C5C254-1D44-469C-A177-AC117BC95725}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6184BFA4-1AD8-45DE-8E36-1CC0DD2911D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64740BAD-5B81-46C4-A1D7-1D75602F0652}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66F8545D-AF6B-4A98-B2DB-904468B8113B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BFF711B-638B-4260-A2A8-51966DFE77F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83DDD406-64EE-428B-BAAF-D11E346127FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{86587BFA-0C28-4D89-9ABD-04F8482E8BFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87D3AA19-9528-4604-8545-2DF954E7115D}" = lport=139 | protocol=6 | dir=in | app=system |
"{88C380BE-01AB-489F-B32E-94F07E25C07D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{90F1684D-0CE4-4E21-88F5-16F9A5926B01}" = rport=445 | protocol=6 | dir=out | app=system |
"{9E1F308F-DD3A-425A-B7A4-4C4777E315DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3B80B5F-8EB7-440D-924C-0F1CDF5ED046}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5E82B39-263B-42CE-82C9-66BD0377F12A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B715E07E-2FB3-4DB8-8758-EF08B7139F90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C732D24F-41F2-4C60-A975-2CF2DDB58AFA}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{C936B7B6-BC98-4BC8-80ED-F1B661ABEAAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDFEC13E-7576-4851-906A-6E797C307FF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{D35AD12D-C512-4E33-9232-ED83C5736D62}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{E5E0A8DF-2FA2-47BE-9D50-69CF40C63FE7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0742623-7530-4F3C-8C97-C7DC489BE076}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD63A8CF-8021-4745-A807-91415CEC9268}" = rport=139 | protocol=6 | dir=out | app=system |
"{FE922AF4-2AF4-43A3-8906-90A302028ACB}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07AC3FCB-27B2-4146-982C-79EB4E8FE535}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A3AB688-7EA4-4E82-ABF4-6A9E1CCEF7B4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{0CC3E1FC-A9DA-443D-8C8F-B696C793CBD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16E40BC6-CBBF-41F6-9F55-C59D77663F32}" = dir=in | app=c:\users\james\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1CD00594-B883-4857-829C-6664502A5523}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2FEA3A60-8D8B-4CCB-8276-420E51EDCD6E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{33C3F477-3349-443C-BFCF-0B7208AE2BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{36FFA6A9-E57B-467C-8903-C57905E68EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{3F57F6AB-749C-4708-BA68-61FAF2DED02C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3F9FB4CB-5315-4FD3-A000-D3965DB3533A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{430065A0-AEC4-4DF6-A422-EB9718FDFD0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44880E24-D09C-4A46-9984-8ED4B8ADD9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{4A343C77-BF2C-4E01-BF5A-0F7DE760B8D4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4B324ACF-14B7-4618-9D6A-F59E0DBCADF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{504F18B5-5389-41F7-97CC-B6909FCD8448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{571DEA14-A057-4088-A683-D390CFD36D53}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5863A7E2-44CE-45E9-95B5-8B53FB07B144}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{66E3B91A-6C8B-49E9-9ADC-B2188B581C8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67512DEF-079F-496F-9B12-6D502126B003}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7E095F5E-CD81-4786-AFA6-6E5E69B089FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{873115B0-A0EF-4492-AC12-92DDEFCFD0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{8842DB6D-4002-4327-BDC6-2C361B0A18F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91346ADF-0665-4EE4-BDF6-473FB54C4ABB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98BFF7B9-606C-48A1-973E-4F955E4E8E7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{A003061A-A80B-453C-B6B6-0640ED662586}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A56E6091-A6B6-4F69-B838-A95354C19D34}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A6399AC5-AE52-45A6-8F05-6247A1EC73AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A74B7330-DB77-49DA-9A80-47C559FCE89E}" = protocol=58 | dir=in | [email protected],-28545 |
"{A816E860-13A2-4262-8BF0-3006216B2A55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{AB7EBC85-CB3A-4A2C-8303-306AD26E337E}" = protocol=6 | dir=out | app=system |
"{B3733E9D-B154-47E4-AFE7-D8107269AB37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B638E3F5-A460-4BF8-AF4F-A05640163F5D}" = protocol=1 | dir=in | [email protected],-28543 |
"{C3A46C51-86AE-4EC0-9A51-682B6C69E87E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6B7F51A-9065-45AF-B22D-1932CBA967D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2035185-BE1F-4091-AD65-846A92E1CA52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7EDBA51-34B6-4716-949C-54C1E8D82107}" = protocol=58 | dir=out | [email protected],-28546 |
"{E1E8CB6D-0A7C-4CE0-9F2B-B8859CFBAA70}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8173C47-9BF6-4D39-9415-058175DA9D84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EEA732BE-4E11-4755-8F20-B723F5E0440C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1F6AA74-A656-4D62-AC84-3741CD1BFFDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19079FA0-D158-4CB4-90CC-BF3DD01355DE}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{42C5CDC0-1FE6-4AF7-8833-4030E9008A6A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{5631318C-5CD4-4E11-BBC6-D3AF5CDD40E2}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{A3B48453-503F-42CA-8B56-16509A78842B}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{CF51F26D-8973-4DFE-9811-724F8C9FEC66}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{46D674AC-8108-4E21-8F9C-C5F38C001581}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{4BDD0211-7F8E-4319-99BB-F4301578807C}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{A0E7F320-4D1A-4188-934C-8F9A56466BEE}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{BFBF727F-DE7A-4FB9-B471-17C30D85C15D}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{CB84FFF2-C52B-4A4B-89EA-E61591577EC0}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiS VGA Utilities" = SiS VGA Utilities
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"conduitEngine" = Conduit Engine
"InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Photo Pos Pro" = Photo Pos Pro
"Picasa 3" = Picasa 3
"Pos Free Photo Editor" = Pos Free Photo Editor
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 11:11:56 AM | Computer Name = james-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: FlashPlayerPlugin_11_3_300_265.exe,
version: 11.3.300.265, time stamp: 0x4febd5ac Exception code: 0xc0000005 Fault offset:
0x00029647 Faulting process id: 0x16c4 Faulting application start time: 0x01cd642d1c4d3b90
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Report
Id: bf3dc402-d021-11e1-a0fc-20cf302d2cdc

Error - 7/17/2012 11:13:23 AM | Computer Name = james-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Media Finder.exe, version: 1.0.9.29, time
stamp: 0x4fec4354 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting
process id: 0x1f2c Faulting application start time: 0x01cd642e667fb565 Faulting application
path: C:\Program Files (x86)\Media Finder\Media Finder.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: f2b80278-d021-11e1-a0fc-20cf302d2cdc

Error - 7/17/2012 11:31:13 AM | Computer Name = james-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Media Finder.exe, version: 1.0.9.29, time
stamp: 0x4fec4354 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting
process id: 0x1068 Faulting application start time: 0x01cd643102c191cb Faulting application
path: C:\Program Files (x86)\Media Finder\Media Finder.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 70c1ca9a-d024-11e1-a0fc-20cf302d2cdc

Error - 7/17/2012 11:48:57 AM | Computer Name = james-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Media Finder.exe, version: 1.0.9.29, time
stamp: 0x4fec4354 Faulting module name: borlndmm.dat, version: 14.0.3593.25826,
time stamp: 0x4aef965c Exception code: 0xc0000005 Fault offset: 0x00005195 Faulting
process id: 0x16a8 Faulting application start time: 0x01cd64313d123fd2 Faulting application
path: C:\Program Files (x86)\Media Finder\Media Finder.exe Faulting module path:
C:\Program Files (x86)\Media Finder\borlndmm.dat Report Id: ea8eb95e-d026-11e1-a0fc-20cf302d2cdc

Error - 7/17/2012 11:55:07 AM | Computer Name = james-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common
Toolkit Tools.exe".Error in manifest or policy file "" on line . A component version
required by the application conflicts with another component version already active.
Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251.manifest.

Error - 7/17/2012 12:10:23 PM | Computer Name = james-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x000c7f5c Faulting process id: 0x19ac Faulting application start time: 0x01cd64364d52abcf
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: e954e914-d029-11e1-a0fc-20cf302d2cdc

Error - 7/17/2012 6:16:44 PM | Computer Name = james-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/17/2012 6:16:48 PM | Computer Name = james-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common
Toolkit Tools.exe".Error in manifest or policy file "" on line . A component version
required by the application conflicts with another component version already active.
Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251.manifest.

Error - 7/17/2012 6:17:39 PM | Computer Name = james-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/18/2012 7:46:12 PM | Computer Name = james-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/18/2012 7:46:40 PM | Computer Name = james-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 8/4/2012 8:00:50 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Client service failed to start due
to the following error: %%1053

Error - 8/4/2012 8:00:50 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1053

Error - 8/4/2012 8:01:20 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 8/4/2012 8:01:20 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 8/4/2012 8:11:11 PM | Computer Name = james-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2012 1:10:54 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/8/2012 3:59:48 AM | Computer Name = james-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 8/8/2012 9:18:20 AM | Computer Name = james-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/9/2012 12:00:03 PM | Computer Name = james-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 8/11/2012 10:07:01 AM | Computer Name = james-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >

#3
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

#4
paddiperson

    New Member

  • Topic Starter
  • Member
  • 6 posts
OTL logfile created on: 8/14/2012 4:51:45 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\james\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.42% Memory free
3.73 Gb Paging File | 2.00 Gb Available in Paging File | 53.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 20.39 Gb Free Space | 35.03% Space Free | Partition Type: NTFS
Drive D: | 155.13 Gb Total Space | 154.97 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/11 16:09:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\james\Downloads\OTL.scr
PRC - [2012/08/03 01:17:22 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/07/18 07:51:30 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/29 11:11:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/12 18:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/12 20:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 01:17:21 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 07:51:29 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/12 18:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/03 01:17:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/18 07:51:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/28 08:21:27 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 07:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 07:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 07:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 07:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 07:03:27 | 000,737,912 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 07:03:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 23:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/01/18 13:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/12/28 07:16:45 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/12 03:05:35 | 000,558,080 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SISGRKMD.sys -- (SiS6350)
DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009/09/19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009/08/20 03:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 04:44:19 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/01 09:08:25 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/08/14 14:22:29 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120813.033\ex64.sys -- (NAVEX15)
DRV - [2012/08/14 14:22:29 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120813.033\eng64.sys -- (NAVENG)
DRV - [2012/08/11 01:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 04:13:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 04:13:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/07/27 07:37:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120813.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/08 10:27:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-70E6ECE3B735}
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074f06d8bd83b
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...il&geo=GB&ver=5
IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.babylo...4f06d8bd83b&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\james\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/28 10:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/08/05 01:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:51:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/14 08:46:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:51:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/14 08:46:30 | 000,000,000 | ---D | M]

[2010/09/23 07:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Extensions
[2012/07/18 08:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions
[2012/07/17 01:09:49 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/15 11:55:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]
[2012/03/27 09:46:07 | 000,001,210 | ---- | M] () -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\searchplugins\search.xml
[2011/12/04 18:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/28 10:25:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPLGN
[2012/07/18 07:51:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/17 17:43:50 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/17 16:58:15 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/17 17:43:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 17:43:50 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/17 17:43:50 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/17 17:43:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/17 17:43:50 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/27 11:59:44 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-759374429-2706350353-1693500145-1000..\Run: [Facebook Update] C:\Users\james\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-759374429-2706350353-1693500145-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Fishdom/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Fishdom/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4513BC-3AEC-4197-B57F-AEAEFB4666E3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Secunia PSI
[2012/08/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/08/09 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Malwarebytes
[2012/08/09 18:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 18:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 18:26:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 18:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/09 09:42:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EAB12330-A881-4520-ABF1-A5C94B72B20E}
[2012/08/09 09:42:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7FCE2094-B5B3-4350-AF37-2DA122283CDD}
[2012/08/08 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F368B4E9-D8A4-4AC3-A11C-E386020D6A61}
[2012/08/08 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9C85C851-B68C-4CD4-9D53-24F101A13C85}
[2012/08/08 09:40:44 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{E163F308-771B-4683-890F-C97E698C1DF3}
[2012/08/08 09:40:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D6F3C027-3540-4CB9-A6AB-7075207C9C52}
[2012/08/07 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6D4B84F6-760B-4034-8DDD-841B52F33753}
[2012/08/07 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0BE29FD6-055B-4DA3-91EE-199B66D26A83}
[2012/08/07 09:39:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{13FFFC0F-0745-4C3A-832C-BF64E42D29E1}
[2012/08/07 09:39:29 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A6CDBA2B-6191-43FD-81BA-17584DA4D0E6}
[2012/08/06 21:38:47 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D49EC34F-AE22-41B5-94AD-683421114ACB}
[2012/08/06 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F2E33C8A-BCF8-4470-AA8B-DC08D6C28D14}
[2012/08/06 09:38:11 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C23F39E8-3163-481D-A497-56DC9FE4F6F7}
[2012/08/06 09:38:00 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EFF0B982-85ED-4545-9169-47DE554C5776}
[2012/08/05 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{28BB13FE-5D74-4B2A-AE4C-E63FBD9CCF61}
[2012/08/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9E17497E-6AE3-4B35-B8D5-77D44291461B}
[2012/08/05 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{E14C47BC-2525-4AA5-B381-38A8A8D9EE41}
[2012/08/05 09:36:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4A2FD1DC-1072-492B-9E15-BC0CF1FA9C1F}
[2012/08/04 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Facebook
[2012/08/04 21:35:40 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{083C9DDB-4711-4C95-9481-D1E52CB0D8D8}
[2012/08/04 21:35:27 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8B0401AA-AD36-438F-8600-A014F87254E4}
[2012/08/04 09:35:12 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0E16C8B8-480E-4970-A8DC-A21EEB3A11FB}
[2012/08/04 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7369E6B3-4ABF-40DA-9BDD-72BE7C772675}
[2012/08/03 21:34:36 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{5BF5C2D4-9F82-44CC-BC1F-719A75CB40C6}
[2012/08/03 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C510A9FB-FCCA-4695-B859-081B88ECBDCD}
[2012/08/03 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{CB522177-F641-460D-A7BF-60C0F9E32DFE}
[2012/08/03 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D9A7D87C-6224-4C3D-94C9-1A8812B80909}
[2012/08/02 21:33:26 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F5AD3D82-90AB-4E2F-A39E-860ADF5F2909}
[2012/08/02 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{14771856-D37C-4328-A908-079B28F29414}
[2012/08/02 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6E7611DF-1E15-4A2B-A399-2056D3AB72F0}
[2012/08/02 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EE2E073D-64C7-418B-96BD-87FDC14209E7}
[2012/08/01 15:05:39 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{630A5F21-2154-4427-9153-94799369A877}
[2012/08/01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{9D0E4C84-1679-4541-99A8-024B1AD9614C}
[2012/07/31 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{44463863-CBED-4D2B-80D1-EE4E477337B2}
[2012/07/31 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C308419B-2B34-4119-902C-CBF9F846D1B7}
[2012/07/31 10:32:41 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8D3FE256-0841-4FF6-934A-320E9632EB21}
[2012/07/31 10:32:28 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{10CC1B8F-547E-4646-BB53-37143B3B9B98}
[2012/07/30 22:31:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0259F957-DCD9-45B6-AC6B-8B0E3152C4F5}
[2012/07/30 22:31:39 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{CC7C93E9-BABF-467E-8610-2BFD05D35B10}
[2012/07/30 10:31:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{29532B9E-0C5A-4F67-9E03-11F55034973F}
[2012/07/30 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C23E5352-054A-43A4-A0A2-0126FC34B46D}
[2012/07/29 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{34503E90-7605-4B28-85C0-95194E197E73}
[2012/07/29 22:30:30 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4968C147-B17C-4EFE-ADB2-2378E27B3244}
[2012/07/29 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{49580636-CA53-478D-B71E-DBA3B89037BA}
[2012/07/29 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{78251059-991F-420A-9C97-E6ACA65195E0}
[2012/07/28 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{58C5822C-C19E-41E5-9265-8CEBC2173FAA}
[2012/07/28 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{4A07AD05-AEF9-42FC-B5BF-B47BA337D979}
[2012/07/28 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{8B8BEA5A-31D3-4390-AE57-396D30701CAE}
[2012/07/28 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{FD037629-F33C-43BF-8DB3-20049C574E18}
[2012/07/27 18:02:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6AE07A41-8161-4BF0-8815-9E1D30878596}
[2012/07/27 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F3A54186-D1C4-4AE4-89ED-6FF24D5BCAF2}
[2012/07/20 14:18:47 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A12B0BE8-06CE-4076-97E6-FBE9EA205411}
[2012/07/20 02:18:16 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{BEF6B28B-2204-4413-A5A0-EC6F6E0AD758}
[2012/07/20 02:18:05 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{EF1E6536-DEB4-42E9-A041-434E9DAF5D1A}
[2012/07/19 14:17:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{7A2E1125-3205-4897-AFAD-41DDAA91103C}
[2012/07/19 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{89FE9700-1337-486B-BEE6-2317951DCCB6}
[2012/07/18 16:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/07/18 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sys
[2012/07/18 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
[2012/07/18 10:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Pos Pro
[2012/07/18 07:48:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{0F62630D-195B-41D3-8E6C-7E0876FC0C39}
[2012/07/18 07:47:56 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{56C79180-51E6-4EBA-9F28-EEE1DA35D9A0}
[2012/07/17 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\FrmMain
[2012/07/17 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pos Free Photo Editor
[2012/07/17 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thraex Software
[2012/07/17 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pos Free Photo Editor
[2012/07/17 16:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/17 16:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/17 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Fly Free Photo Editing & Viewer
[2012/07/17 16:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\5DFly Software Team
[2012/07/17 16:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\5DFly Software
[2012/07/17 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\Download
[2012/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Wondershare DVD Slideshow Builder Deluxe
[2012/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2012/07/17 11:20:45 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Wondershare
[2012/07/17 11:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/07/17 11:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/07/17 03:50:14 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{F6B1A3D1-80A9-4CBC-B0F5-07FFD16F11AF}
[2012/07/17 03:50:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{166F681A-2093-4388-A9E0-35C04C65F30D}
[2012/07/16 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6363A747-58ED-4BCD-900B-C6E60ED9E6C2}
[2012/07/16 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{FE3358F4-95B7-4DF1-8000-34B992055B98}
[2012/07/16 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{C6B29A10-BE5C-4849-B365-261D392D6023}
[2012/07/16 03:48:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{D0FB1BDD-E918-4EFD-AB7B-5688FDD26903}

========== Files - Modified Within 30 Days ==========

[2012/08/14 16:47:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 16:17:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 16:11:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000UA.job
[2012/08/14 13:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 02:47:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 22:11:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000Core.job
[2012/08/12 14:10:20 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 14:10:20 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 16:48:36 | 000,001,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/09 18:27:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 00:59:16 | 1503,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 20:09:08 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/07/28 13:25:10 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
[2012/07/28 10:22:51 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/07/28 10:22:14 | 002,211,179 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012/07/28 08:21:27 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/07/28 08:21:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/07/28 08:21:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/07/18 16:08:50 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/18 10:53:39 | 000,212,878 | ---- | M] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2012/07/18 10:53:18 | 000,001,973 | ---- | M] () -- C:\Users\james\Desktop\Photo Pos Pro.lnk
[2012/07/18 08:14:58 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 07:57:19 | 000,001,970 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/18 07:57:13 | 000,001,264 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/18 07:51:39 | 000,002,046 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 07:45:24 | 000,001,439 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/17 17:30:17 | 000,123,412 | ---- | M] () -- C:\Windows\Pos Free Photo Editor Uninstaller.exe
[2012/07/17 17:29:42 | 000,001,150 | ---- | M] () -- C:\Users\james\Desktop\Pos Free Photo Editor.lnk
[2012/07/17 17:00:08 | 000,000,247 | ---- | M] () -- C:\user.js
[2012/07/17 16:13:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/17 16:13:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/08/11 16:48:35 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/11 16:48:34 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/08/09 18:27:02 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 20:09:07 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe
[2012/07/18 16:08:50 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/18 10:53:39 | 000,212,878 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2012/07/18 10:53:16 | 000,001,973 | ---- | C] () -- C:\Users\james\Desktop\Photo Pos Pro.lnk
[2012/07/17 17:30:17 | 000,123,412 | ---- | C] () -- C:\Windows\Pos Free Photo Editor Uninstaller.exe
[2012/07/17 17:29:41 | 000,001,150 | ---- | C] () -- C:\Users\james\Desktop\Pos Free Photo Editor.lnk
[2012/07/17 16:59:42 | 000,000,247 | ---- | C] () -- C:\user.js
[2012/07/17 16:13:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/17 16:13:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/27 09:45:23 | 000,000,288 | ---- | C] () -- C:\Users\james\AppData\Roaming\48A9BD50.reg
[2012/01/25 20:05:27 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2011/12/19 08:43:08 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{C90C1AC1-9633-4AD6-86E7-E03B631A8190}
[2011/12/16 08:12:59 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{022E2C07-2E39-458C-8936-3CF90D494E48}
[2011/12/14 08:41:26 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/30 06:41:06 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{3F6EC839-54E9-405C-B248-FB9111464BE5}
[2011/09/29 16:24:58 | 000,000,093 | ---- | C] () -- C:\Users\james\AppData\Local\fusioncache.dat
[2011/08/10 15:02:22 | 000,007,625 | ---- | C] () -- C:\Users\james\AppData\Roaming\.freeciv-client-rc-2.3
[2011/05/23 18:21:45 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{0D011A05-BFAB-4C38-95EE-4D9E797C8E27}
[2011/05/17 19:14:22 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Local\{F966573A-A6C7-46E8-9B8A-C57A6229781D}
[2010/10/02 10:40:58 | 000,007,604 | ---- | C] () -- C:\Users\james\AppData\Local\Resmon.ResmonCfg
[2010/09/27 16:54:35 | 000,779,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\Users\james\jagex__preferences3.dat
[2010/09/22 19:46:33 | 000,000,129 | ---- | C] () -- C:\Users\james\jagex_runescape_preferences2.dat
[2010/09/22 19:45:18 | 000,000,046 | ---- | C] () -- C:\Users\james\jagex_runescape_preferences.dat
[2010/09/22 14:17:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/07/29 10:51:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/08/25 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\.freeciv
[2010/09/22 03:07:05 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Asus WebStorage
[2011/01/16 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\AVG10
[2010/10/19 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Firaxis Games
[2012/07/17 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Fly Free Photo Editing & Viewer
[2012/07/18 10:54:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\FrmMain
[2011/09/30 07:59:14 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\My Games
[2012/06/21 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\PandoraRecovery
[2011/04/25 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Radialpoint
[2012/08/01 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SoftGrid Client
[2010/11/08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SpinTop
[2010/09/27 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TP
[2012/08/09 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\uTorrent
[2012/03/29 20:51:57 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Virgin Media
[2011/07/03 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Windows Live Writer
[2012/08/13 22:11:04 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000Core.job
[2012/08/14 16:11:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000UA.job
[2012/06/27 19:49:52 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3E16E7A6

< End of report >

#5
Gammo

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-70E6ECE3B735}
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074f06d8bd83b
    IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
    IE - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...il&geo=GB&ver=5
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113959&tt=2912_7&babsrc=KW_ss&mntrId=04437d1900000000000074f06d8bd83b&q="
    [2012/07/17 01:09:49 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/05/15 11:55:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]
    [2012/03/27 09:46:07 | 000,001,210 | ---- | M] () -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\searchplugins\search.xml
    [2012/07/17 16:58:15 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKU\S-1-5-21-759374429-2706350353-1693500145-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    [2012/07/17 16:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/03/27 09:45:23 | 000,000,288 | ---- | C] () -- C:\Users\james\AppData\Roaming\48A9BD50.reg
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#6
paddiperson

Thanks for all your help so far. This is the text that OTL put up after it ran, but I am not sure if ComboFix ran. I did as you asked but it has not produced a log text.
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "http://search.babylo...4f06d8bd83b&q=" removed from keyword.URL
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\components folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\extensions\[email protected] folder moved successfully.
C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\searchplugins\search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\james\AppData\Roaming\48A9BD50.reg moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\james\Downloads\cmd.bat deleted successfully.
C:\Users\james\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: james
->Temp folder emptied: 123794 bytes
->Temporary Internet Files folder emptied: 7853601 bytes
->Java cache emptied: 11451289 bytes
->FireFox cache emptied: 48528507 bytes
->Flash cache emptied: 3161582 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143113 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: james
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08152012_070747

Files\Folders moved on Reboot...
C:\Users\james\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\1@x14[1].htm not found!
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\ADSAdClient31[1].htm not found!
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\tt[1].htm not found!
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\11345010501@x50[1].htm not found!
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\1@x13[1].htm not found!
File\Folder C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\adoapn_AppNexusDemoActionTag_1[1].htm not found!
C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_001_ moved successfully.
C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_002_ moved successfully.
C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_003_ moved successfully.
C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...
File C:\Users\james\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\1@x14[1].htm not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\ADSAdClient31[1].htm not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZY8ZA5X\tt[1].htm not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\11345010501@x50[1].htm not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\1@x13[1].htm not found!
File C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V39DJJUS\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_001_ not found!
File C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_002_ not found!
File C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_003_ not found!
File C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\Cache\_CACHE_MAP_ not found!
File C:\Users\james\AppData\Local\Mozilla\Firefox\Profiles\c6ylah3q.default\urlclassifier3.sqlite not found!

Registry entries deleted on Reboot...

Edited by paddiperson, 15 August 2012 - 12:32 AM.


#7
Gammo

Please check for the presence of the ComboFix log file at these locations:

C:\Combofix.txt
C:\qoobox\combofix.txt

If it isn't there either, please rerun ComboFix and post the resulting log file (if it creates one this time). :thumbsup:

#8
paddiperson

ok doing it now :)

#9
paddiperson

Here is the ComboFix text. The system seems to be running quicker and no popups coming on the websites, so fingers crossed you have fixed it. Thanks xx
ComboFix 12-08-14.05 - james 15/08/2012 14:55:58.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1912.726 [GMT 1:00]
Running from: c:\users\james\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 14:19 . 2012-08-15 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 06:07 . 2012-08-15 06:07 -------- d-----w- C:\_OTL
2012-08-15 00:49 . 2012-08-15 02:32 -------- d-----w- c:\windows\system32\drivers\N360x64\0603000.00E
2012-08-15 00:02 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 00:02 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 00:02 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 00:02 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 00:02 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 00:02 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 00:01 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 00:01 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 00:01 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 00:01 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 00:01 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:01 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-11 15:50 . 2012-08-11 15:50 -------- d-----w- c:\users\james\AppData\Local\Secunia PSI
2012-08-11 15:48 . 2012-08-11 15:48 -------- d-----w- c:\program files (x86)\Secunia
2012-08-09 17:27 . 2012-08-09 17:27 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
2012-08-09 17:26 . 2012-08-09 17:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-09 17:26 . 2012-08-09 17:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-09 17:26 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 20:59 . 2012-08-04 21:00 -------- d-----w- c:\users\james\AppData\Local\Facebook
2012-08-01 19:09 . 2012-08-15 02:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-18 09:53 . 2012-07-18 09:53 212878 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2012-07-18 09:52 . 2012-07-18 11:30 -------- d-----w- c:\program files (x86)\Photo Pos Pro
2012-07-17 19:44 . 2012-07-18 09:54 -------- d-----w- c:\users\james\AppData\Roaming\FrmMain
2012-07-17 16:30 . 2012-07-17 16:30 123412 ----a-w- c:\windows\Pos Free Photo Editor Uninstaller.exe
2012-07-17 16:29 . 2012-07-17 16:48 -------- d-----w- c:\program files (x86)\Pos Free Photo Editor
2012-07-17 16:29 . 2012-07-17 16:29 -------- d-----w- c:\program files (x86)\Common Files\Thraex Software
2012-07-17 16:00 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-07-17 16:00 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-07-17 15:59 . 2012-07-17 16:00 247 ----a-w- C:\user.js
2012-07-17 15:52 . 2012-07-18 06:51 -------- d-----w- c:\programdata\Tarma Installer
2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\james\AppData\Roaming\Fly Free Photo Editing & Viewer
2012-07-17 15:20 . 2012-07-17 15:20 -------- d-----w- c:\programdata\5DFly Software Team
2012-07-17 15:18 . 2012-07-17 15:18 -------- d-----w- c:\programdata\5DFly Software
2012-07-17 10:21 . 2012-07-17 10:21 -------- d-----w- c:\programdata\Wondershare
2012-07-17 10:20 . 2012-07-17 10:20 -------- d-----w- c:\users\james\AppData\Local\Wondershare
2012-07-17 10:20 . 2012-07-17 10:20 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-07-17 10:19 . 2012-07-17 10:19 -------- d-----w- c:\program files (x86)\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:17 . 2012-05-27 12:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 13:17 . 2011-09-08 08:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 02:02 . 2011-03-16 19:50 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 07:21 . 2012-03-29 19:19 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-25 09:54 . 2012-06-25 09:54 647300 ----a-w- c:\windows\SysWow64\PosIpLiB.dll
2012-06-09 05:43 . 2012-07-11 18:23 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 18:24 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 18:24 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 18:21 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 18:24 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 18:24 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 18:21 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 08:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 08:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 08:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 08:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-19 08:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-19 08:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 18:23 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 18:23 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 18:23 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 18:23 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 18:23 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 18:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 18:23 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 18:23 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 18:23 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\james\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-04 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-29 2429]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-23 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120814.005\IDSvia64.sys [2012-07-27 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2009-11-12 558080]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PSI
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 13:17]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000Core.job
- c:\users\james\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-04 21:05]
.
2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-759374429-2706350353-1693500145-1000UA.job
- c:\users\james\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-04 21:05]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 09:50]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 09:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\james\AppData\Roaming\Mozilla\Firefox\Profiles\c6ylah3q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 04437d1900000000000074f06d8bd83b
FF - user.js: extensions.BabylonToolbar_i.hardId - 04437d1900000000000074f06d8bd83b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15538
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ServiceManager.exe - c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-759374429-2706350353-1693500145-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 15:28:50
ComboFix-quarantined-files.txt 2012-08-15 14:28
.
Pre-Run: 21,689,233,408 bytes free
Post-Run: 23,246,860,288 bytes free
.
- - End Of File - - F9EA5B04E48731FFA3690F9A0F54ABBA

Edited by paddiperson, 15 August 2012 - 08:31 AM.

#10
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool: