TechSpot

Google Redirect and Frequent BSOD on Windows 7

Solved
By Jonny Napalm
Feb 24, 2011
  1. Hello, recently I have gotten infected with malware. This was about 2 weeks ago, I was just about to wipe my computer and start again but then I came across this site so, here goes.

    I am running Windows 7 Home Premium x64. I got infected when trying to find a crack for a game. Since then I have been getting redirected from Google and frequent BSOD errors. The errors I have encountered are:

    System_Service_Exception
    0x0000003B

    IRQL_NOT_LESS_OR_EQUAL
    0x0000000A

    0x0000001E

    0x00000024

    0x000000F7

    These errors usually appear when starting up Windows or when trying to install or uninstall programs.

    I have read the 8 step thing and have tried them but Step 5 and step 4 don't work. When I start up DDS it pops up with a CMD type box telling me what it does and then a notepad full of random characters opens and nothing else happens.
    Also when I try to save the logs after I have scanned GMER, a .log file is saved but there are no logs inside of it.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5873

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    25/02/2011 01:12:28
    mbam-log-2011-02-25 (01-12-28).txt

    Scan type: Quick scan
    Objects scanned: 143782
    Time elapsed: 2 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Okay, thanks for the reply, here are the logs for the TDSSKiller

    2011/02/25 09:36:28.0251 3428 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
    2011/02/25 09:36:28.0673 3428 ================================================================================
    2011/02/25 09:36:28.0673 3428 SystemInfo:
    2011/02/25 09:36:28.0673 3428
    2011/02/25 09:36:28.0673 3428 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/25 09:36:28.0673 3428 Product type: Workstation
    2011/02/25 09:36:28.0673 3428 ComputerName: JON-PC
    2011/02/25 09:36:28.0673 3428 UserName: Jon
    2011/02/25 09:36:28.0673 3428 Windows directory: C:\Windows
    2011/02/25 09:36:28.0673 3428 System windows directory: C:\Windows
    2011/02/25 09:36:28.0673 3428 Running under WOW64
    2011/02/25 09:36:28.0673 3428 Processor architecture: Intel x64
    2011/02/25 09:36:28.0673 3428 Number of processors: 4
    2011/02/25 09:36:28.0673 3428 Page size: 0x1000
    2011/02/25 09:36:28.0673 3428 Boot type: Normal boot
    2011/02/25 09:36:28.0673 3428 ================================================================================
    2011/02/25 09:36:28.0829 3428 Initialize success
    2011/02/25 09:36:41.0168 4416 ================================================================================
    2011/02/25 09:36:41.0168 4416 Scan started
    2011/02/25 09:36:41.0168 4416 Mode: Manual;
    2011/02/25 09:36:41.0168 4416 ================================================================================
    2011/02/25 09:36:50.0809 4416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/02/25 09:36:50.0856 4416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/02/25 09:36:50.0887 4416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/02/25 09:36:50.0949 4416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/02/25 09:36:50.0996 4416 WPN111 (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\WPN111vx.sys
    2011/02/25 09:36:51.0027 4416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/02/25 09:36:51.0059 4416 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/02/25 09:36:51.0090 4416 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/02/25 09:36:51.0137 4416 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/25 09:36:51.0137 4416 ================================================================================
    2011/02/25 09:36:51.0137 4416 Scan finished
    2011/02/25 09:36:51.0137 4416 ================================================================================
    2011/02/25 09:36:51.0137 1940 Detected object count: 1
    2011/02/25 09:37:00.0185 1940 \HardDisk0 - will be cured after reboot
    2011/02/25 09:37:00.0185 1940 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/25 09:37:16.0955 4832 Deinitialize success
  4. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Very good :)

    See if you can run DDS now.
  5. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Nope, when I open DDS it comes up with the DOS box and tells me what it does; it then opens a notepad named PEV - Notepad, and inside it says this.
    Also, when I right-click the DDS icon and go to properties, it says it's a screensaver file? Screen saver (.scr)

    And continues on for ages.
  6. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Okay, managed to sort it. Every time I closed the notepad it would open up again; I had to keep clicking the close button, but in the end I got the logs I needed, so here you are.

    DDS logs

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jon_2 at 18:11:21.39 on 25/02/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2277 [GMT 0:00]

    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskhost.exe
    svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Jon_2\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files (x86)\hypercam toolbar\tbcore3.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files (x86)\hypercam toolbar\tbcore3.dll
    TB: @c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
    mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [AVG_TRAY] c:\program files (x86)\avg\avg10\avgtray.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNTI3NDU4LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEMrMQ"&"prod=90"&"ver=10.0.1204
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wpn111\wpn111.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files (x86)\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    TCP: {00E80E85-562A-4664-A665-738101722AB5} = 192.168.1.1,192.168.1.2
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg10\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files (x86)\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\syswow64\ie4uinit.exe -BaseSettings
    mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\syswow64\rundll32.exe c:\windows\syswow64\mscories.dll,Install
    mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\syswow64\ie4uinit.exe -UserIconConfig
    mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "c:\windows\syswow64\rundll32.exe" "c:\windows\syswow64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx64.sys --> c:\windows\system32\drivers\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx64.sys --> c:\windows\system32\drivers\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx64.sys --> c:\windows\system32\drivers\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;c:\windows\system32\drivers\avgtdia.sys --> c:\windows\system32\drivers\avgtdia.sys [?]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-29 1153368]
    R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys --> c:\windows\system32\drivers\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys --> c:\windows\system32\drivers\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\atihdw76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\drivers\lv302a64.sys --> c:\windows\system32\drivers\lv302a64.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys --> c:\windows\system32\drivers\lvrs64.sys [?]
    R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\pcasp50a64.sys --> c:\windows\system32\drivers\PCASp50a64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\rt64win7.sys --> c:\windows\system32\drivers\Rt64win7.sys [?]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111vx.sys --> c:\windows\system32\drivers\WPN111vx.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 GEST Service;GEST Service for program management.;c:\program files (x86)\gigabyte\energysaver\GSvr.exe [2010-3-27 68136]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-23 136176]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\pcamp50a64.sys --> c:\windows\system32\drivers\PCAMp50a64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================


    ==================== Find3M ====================


    ============= FINISH: 18:19:12.60 ===============



    Attach logs

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/03/2010 10:27:40
    System Uptime: 25/02/2011 17:23:40 (1 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EX58-UD3R
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 1366 | 1983/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 632.736 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Express Uploader
    Akamai NetSession Interface
    Aliens vs Predator
    America's Army 3
    AMP WinOFF
    Apple Application Support
    Apple Software Update
    Application Profiles
    ARMA 2 Operation Arrowhead Uninstall
    ArmA 2 Uninstall
    Ask Toolbar
    Assassin's Creed
    ATI Catalyst Registration
    Audacity 1.3.12 (Unicode)
    Auslogics BoostSpeed
    Auslogics Disk Defrag
    Battlefield 2(TM)
    Battlefield 2: Special Forces
    Battlefield: Bad Company™ 2
    Bing Bar
    Bing Bar Platform
    Browser Configuration Utility
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty(R) - World at War(TM) 1.6 Patch
    Call of Duty(R) - World at War(TM) 1.7 Patch
    Call of Duty(R) 2
    Call of Duty(R) 2 Mod Tools
    Call of Duty(R) 2 Patch 1.3
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    CoD2 Pure v2.0
    Counter-Strike
    Counter-Strike: Condition Zero
    Counter-Strike: Condition Zero Deleted Scenes
    Counter-Strike: Source
    D3DX10
    Day of Defeat
    Death to Spies (Remove Only)
    Death to Spies: Moment of Truth (Remove Only)
    Deathmatch Classic
    DivX Setup
    DSA Motorcyclist Theory Test
    EA Download Manager
    EA Download Manager UI
    EAX Unified
    Energy Saver Advance B8.1208.1
    Far Cry 2
    Foxit Reader
    Fraps (remove only)
    GameSpy Arcade
    Garry's Mod
    Gigabyte Raid Configurer
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    GRID
    GTA San Andreas
    Half-Life 2: Deathmatch
    Halloween Desktop Animations version 1.0
    Hitman 2: Silent Assassin
    Hitman Blood Money
    Hitman: Contracts
    HydraVision
    HyperCam Toolbar
    Java(TM) 6 Update 16
    Junk Mail filter update
    Just Cause 2
    Logitech Vid HD
    Mafia Game
    Mafia II
    Malwarebytes' Anti-Malware
    Mass Effect
    Medal of Honor (TM)
    Medal of Honor Beta
    Medal of Honor™ MP Open Beta
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Flight Simulator X
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.2pre)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    neroxml
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    NVIDIA PhysX
    OpenAL
    Portal
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    Ricochet
    Roblox for Jon_2
    Rockstar Games Social Club
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SHOUTcast Source DSP 1.9.1 (remove only)
    Silent Hunter 4 Wolves of the Pacific
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    Spybot - Search & Destroy
    Steam
    System Requirements Lab
    TeamSpeak 3 Client
    TeamViewer 5
    The Godfather™ II
    The Lord of the Rings FREE Trial
    The Matrix - Path of Neo
    The Sims 2
    The Sims 2 Nightlife
    The Sims™ 2 Bon Voyage
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Teen Style Stuff
    TheMatrix Screen Saver version 1.14
    Tom Clancy's H.A.W.X
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinZip 14.0
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    25/02/2011 09:38:34, Error: WPN111 [5003] - NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 : Could not find a network adapter.
    25/02/2011 02:51:59, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user JON-PC\Jon (243) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    25/02/2011 01:54:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000013a00000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ecc995). A dump was saved in: C:\Windows\Minidump\022511-39140-01.dmp. Report Id: 022511-39140-01.
    25/02/2011 01:43:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff8a00d88f03e, 0x0000000000000002, 0x0000000000000001, 0xfffff80003169901). A dump was saved in: C:\Windows\Minidump\022511-37502-01.dmp. Report Id: 022511-37502-01.
    25/02/2011 01:02:43, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    25/02/2011 00:42:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e5bd29). A dump was saved in: C:\Windows\Minidump\022511-25864-01.dmp. Report Id: 022511-25864-01.
    25/02/2011 00:39:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    25/02/2011 00:39:43, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/02/2011 00:38:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e912b3). A dump was saved in: C:\Windows\Minidump\022511-33509-01.dmp. Report Id: 022511-33509-01.
    24/02/2011 21:33:26, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
    24/02/2011 20:32:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ea02b3). A dump was saved in: C:\Windows\Minidump\022411-35771-01.dmp. Report Id: 022411-35771-01.
    24/02/2011 18:32:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880055e0000, 0x0000000000000008, 0xfffff880055e0000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022411-37190-01.dmp. Report Id: 022411-37190-01.
    24/02/2011 18:13:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    24/02/2011 18:13:23, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/02/2011 18:10:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    24/02/2011 18:08:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    24/02/2011 10:10:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
    24/02/2011 10:10:27, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b990993e620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022411-36363-01.dmp. Report Id: 022411-36363-01.
    23/02/2011 09:32:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b9909cff620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022311-42681-01.dmp. Report Id: 022311-42681-01.
    20/02/2011 19:16:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000013a00000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e92995). A dump was saved in: C:\Windows\Minidump\022011-39686-01.dmp. Report Id: 022011-39686-01.
    20/02/2011 19:09:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff880012c91b7, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\022011-37877-01.dmp. Report Id: 022011-37877-01.
    19/02/2011 21:57:12, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
    19/02/2011 16:51:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff8a00ff6f03e, 0x0000000000000002, 0x0000000000000001, 0xfffff800031b1901). A dump was saved in: C:\Windows\Minidump\021911-42510-01.dmp. Report Id: 021911-42510-01.
    19/02/2011 16:28:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
    19/02/2011 16:28:06, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    19/02/2011 16:21:30, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    19/02/2011 16:21:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    19/02/2011 16:21:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    19/02/2011 16:21:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    19/02/2011 16:21:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    19/02/2011 16:21:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    19/02/2011 16:21:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    19/02/2011 16:21:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy rdbss spldr tdx Wanarpv6 WfpLwf
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    19/02/2011 16:21:11, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    19/02/2011 16:21:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0x0000000000000200, 0x0000000000000008, 0x0000000000000200). A dump was saved in: C:\Windows\Minidump\021911-38157-01.dmp. Report Id: 021911-38157-01.
    19/02/2011 13:37:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000318ecec, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\021911-45645-01.dmp. Report Id: 021911-45645-01.
    18/02/2011 17:45:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002e8d995, 0xfffff8800976aab0, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\021811-43383-01.dmp. Report Id: 021811-43383-01.

    ==== End Of File ===========================
  7. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Alright, here are the ComboFix logs.

    ComboFix 11-02-24.05 - Jon 26/02/2011 0:21.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2877 [GMT 0:00]
    Running from: c:\users\Jon_2\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
    c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}
    c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome.manifest
    c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome\content\_cfg.js
    c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome\content\overlay.xul
    c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\install.rdf
    c:\users\Jon_2\AppData\Roaming\Adobe\plugs
    c:\windows\system32\system
    c:\windows\SysWow64\system
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
    .

    2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\Jon\AppData\Local\temp
    2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\localadmin\AppData\Local\temp
    2011-02-25 17:18 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
    2011-02-25 17:18 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
    2011-02-25 17:18 . 2009-04-30 23:01 327576 ----a-w- c:\windows\system32\drivers\lvrs64.sys
    2011-02-25 17:18 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
    2011-02-25 17:18 . 2009-04-30 22:55 2755096 ----a-w- c:\windows\system32\drivers\LV302V64.SYS
    2011-02-25 17:18 . 2009-04-30 22:55 15896 ----a-w- c:\windows\system32\drivers\lv302a64.sys
    2011-02-25 17:18 . 2011-02-25 17:19 -------- d-----w- c:\program files\Common Files\LogiShrd
    2011-02-25 17:18 . 2011-02-25 17:18 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
    2011-02-25 17:09 . 2011-02-25 17:09 -------- d-----w- c:\users\Jon\AppData\Roaming\Leadertech
    2011-02-25 16:33 . 2011-02-25 16:33 -------- d-----w- c:\users\localadmin\AppData\Local\AVG Security Toolbar
    2011-02-25 16:29 . 2011-02-21 11:09 1372248 ----a-w- c:\temp\TDSSKiller.exe
    2011-02-25 16:28 . 2011-02-25 16:29 -------- d-----w- C:\Temp
    2011-02-25 16:28 . 2011-02-25 16:28 -------- d-----w- c:\users\localadmin\AppData\Roaming\AVG10
    2011-02-25 12:56 . 2011-02-25 12:56 -------- d-----w- c:\users\Jon_2\AppData\Local\{88430FA7-D08E-46B7-82E0-F9216D08ECBB}
    2011-02-25 01:50 . 2008-06-24 13:45 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll
    2011-02-25 01:01 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-25 01:01 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-25 00:56 . 2011-02-25 00:56 -------- d-----w- c:\users\Jon_2\AppData\Local\{087319EA-1C70-4E5E-B7DD-B07F5BEC5227}
    2011-02-25 00:40 . 2011-02-25 00:41 -------- d-----w- c:\users\Jon_2\AppData\Local\{7D3F62DA-BBF4-4F2C-890E-C6A40571F64C}
    2011-02-24 11:33 . 2011-02-02 17:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C8AEBDD-AD9F-4DDD-8E39-A981659AC563}\mpengine.dll
    2011-02-24 10:12 . 2011-02-24 10:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{EEB884B6-56B4-4E08-80A9-7F5BE2944F7B}
    2011-02-23 10:14 . 2011-02-23 10:14 -------- d-----w- c:\users\Jon_2\AppData\Local\{A65B08F6-0944-474D-AC5E-A816297FC09E}
    2011-02-22 10:13 . 2011-02-22 22:14 -------- d-----w- c:\users\Jon_2\AppData\Local\{1AC84E07-9998-40F1-851C-60A733F42E59}
    2011-02-21 22:13 . 2011-02-21 22:13 -------- d-----w- c:\users\Jon_2\AppData\Local\{C71A1275-2CFF-4103-A23B-5D81DAFA64EA}
    2011-02-21 10:12 . 2011-02-21 10:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{58CEA6EE-8D54-4716-87F3-4BD29D54E0D6}
    2011-02-20 19:19 . 2011-02-20 19:20 -------- d-----w- c:\users\Jon_2\AppData\Local\{B5905913-7757-4DCB-9FAD-46F56C7B8B9E}
    2011-02-20 19:12 . 2011-02-20 19:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{7C4032E0-D7F1-4634-B0EF-FE0162F236B6}
    2011-02-19 21:53 . 2011-02-19 21:53 -------- d-----w- c:\program files (x86)\CoD2 Pure v2.0
    2011-02-19 20:51 . 2011-02-19 20:51 -------- d-----w- c:\users\Jon_2\AppData\Local\{8415484E-F446-4095-9C3C-9C33E97238AD}
    2011-02-19 16:31 . 2011-02-19 16:31 -------- d-----w- c:\programdata\ATI
    2011-02-19 16:28 . 2011-02-19 16:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-02-19 16:28 . 2011-02-19 16:28 -------- d-----w- c:\program files (x86)\ATI Stream
    2011-02-19 08:50 . 2011-02-19 08:51 -------- d-----w- c:\users\Jon_2\AppData\Local\{38562501-9BC4-49CA-8768-9B9B84424AC9}
    2011-02-18 15:50 . 2011-02-18 15:50 -------- d-----w- c:\program files (x86)\Adobe Photoshop Express Uploader
    2011-02-18 15:36 . 2011-02-18 15:37 -------- d-----w- c:\users\Jon_2\AppData\Local\{9672CB16-FC9D-41DA-ABAA-F6B65F70DC66}
    2011-02-17 19:57 . 2011-02-17 19:58 -------- d-----w- c:\users\Jon_2\AppData\Local\{6FFBA430-C840-4F2F-8987-0A5F84B3E76C}
    2011-02-17 18:36 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2011-02-17 07:57 . 2011-02-17 07:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{C891236F-6A02-4A14-BDD8-7660102A2D0A}
    2011-02-16 15:32 . 2011-02-16 15:32 -------- d-----w- c:\users\Jon_2\AppData\Local\{3BEBE00C-EC17-4921-AFE7-DBE9A793E472}
    2011-02-15 16:15 . 2011-02-15 16:15 -------- d-----w- c:\users\Jon_2\AppData\Local\{3D5D5DFE-5A92-4109-846F-D2DAADCFC94F}
    2011-02-14 17:00 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-02-14 17:00 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-14 17:00 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-02-14 16:57 . 2011-02-14 16:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{0416637F-7274-4616-B3F6-2A2096A0B9E5}
    2011-02-13 20:40 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-13 20:40 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-02-13 20:40 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-13 20:40 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-02-13 15:15 . 2011-02-13 15:15 -------- d-----w- c:\users\Jon_2\AppData\Local\{2EA740A1-74AA-4708-93CC-2D7347B272E9}
    2011-02-13 13:18 . 2011-02-13 13:18 -------- d-----w- c:\users\Jon\AppData\Roaming\Nero
    2011-02-13 12:59 . 2010-03-16 20:47 23000 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
    2011-02-13 12:59 . 2010-03-16 20:47 138712 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
    2011-02-13 12:59 . 2010-03-16 20:47 17880 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2011-02-13 00:08 . 2011-02-13 00:08 -------- d-----w- c:\users\Jon_2\AppData\Roaming\Malwarebytes
    2011-02-12 23:19 . 2011-02-12 23:19 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes
    2011-02-12 23:19 . 2011-02-12 23:19 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-12 23:19 . 2011-02-25 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-12 23:03 . 2011-02-12 23:03 -------- d-----w- c:\users\Jon_2\AppData\Local\{6CED28A7-E252-42C6-BE5F-D265EE9B9F0C}
    2011-02-12 11:02 . 2011-02-12 11:02 -------- d-----w- c:\users\Jon_2\AppData\Local\{AD562423-7DD3-4344-A32E-529FC6A74872}
    2011-02-12 10:57 . 2011-02-12 10:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{A5A4B3AE-3567-483B-8ACC-010A868227C0}
    2011-02-12 10:54 . 2011-02-12 10:54 -------- d-----w- c:\users\Jon_2\AppData\Local\{71CC6630-F2C2-4ECF-AB5D-B58718A7BE5E}
    2011-02-11 16:05 . 2011-02-11 16:05 -------- d-----w- c:\users\Jon_2\AppData\Local\{1B69EA80-55ED-4B59-89A1-1B7EED46ED94}
    2011-02-10 21:49 . 2011-02-10 21:49 -------- d-----w- c:\users\Jon_2\AppData\Local\{93FE847E-6AC9-4864-A382-7E6DCD0B5623}
    2011-02-10 12:09 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Voobly
    2011-02-10 11:37 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game
    2011-02-10 10:52 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Registry Winner
    2011-02-10 09:48 . 2011-02-10 09:49 -------- d-----w- c:\users\Jon_2\AppData\Local\{6D4B6ADA-DAD8-4C06-ABBC-8EE6B4F1E704}
    2011-02-10 09:20 . 2011-02-10 09:21 -------- d-----w- c:\users\Jon_2\AppData\Local\{DC63AF32-F6AB-4838-8E10-98E11E6A1054}
    2011-02-09 20:35 . 2011-02-09 20:35 -------- d-----w- c:\users\Jon_2\AppData\Local\{0B77DC30-E087-4D1B-8675-A05A29D4A3C3}
    2011-02-09 19:49 . 2011-02-09 19:49 -------- d-----w- c:\users\Jon_2\AppData\Roaming\DAEMON Tools Lite
    2011-02-09 19:42 . 2011-02-09 22:35 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2011-02-09 19:42 . 2011-02-09 19:42 -------- d-----w- c:\users\Jon\AppData\Roaming\DAEMON Tools Lite
    2011-02-09 08:35 . 2011-02-09 08:35 -------- d-----w- c:\users\Jon_2\AppData\Local\{9539565D-796B-4BF2-B1E1-91D1BEDD0426}
    2011-02-08 15:44 . 2011-02-08 15:44 -------- d-----w- c:\users\Jon_2\AppData\Roaming\Foxit Software
    2011-02-08 15:30 . 2011-02-08 15:30 -------- d-----w- c:\users\Jon_2\AppData\Local\{E0B2A0A9-4CE3-4FA9-88CE-94A471F8728C}
    2011-02-07 20:06 . 2011-02-07 20:06 -------- d-----w- c:\users\Jon_2\AppData\Local\{F124E468-7596-407A-AF4C-8BF1B0F6F6EC}
    2011-02-07 08:05 . 2011-02-07 08:05 -------- d-----w- c:\users\Jon_2\AppData\Local\{2367CD32-EA7B-4975-8597-1A65EA819547}
    2011-02-06 18:24 . 2011-02-06 18:24 -------- d-----w- c:\users\Jon_2\AppData\Local\{19003CF6-1429-4EE6-B230-6B3C5AE33F13}
    2011-02-05 08:57 . 2011-02-05 08:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{55CD77F3-4F39-4ABF-96BE-F0CC5A232CC2}
    2011-02-04 16:08 . 2011-02-04 16:08 -------- d-----w- c:\users\Jon_2\AppData\Local\{57B259FA-E0FB-41A1-8050-E18CB4481C89}
    2011-02-03 22:23 . 2011-02-03 22:24 -------- d-----w- c:\users\Jon_2\AppData\Local\{F0D9BCAA-D8DE-464E-9270-3E134D647854}
    2011-02-03 21:51 . 2011-02-03 21:51 -------- d-----w- c:\program files (x86)\Duty Calls
    2011-02-03 10:23 . 2011-02-03 10:23 -------- d-----w- c:\users\Jon_2\AppData\Local\{91705F3C-3424-4ECF-9ACC-5CE53121DB4E}
    2011-02-02 15:37 . 2011-02-02 15:37 -------- d-----w- c:\users\Jon_2\AppData\Local\{34D68A17-F69B-48CE-AD55-B9457A021A99}
    2011-02-01 19:45 . 2011-02-01 19:45 -------- d-----w- c:\users\Jon_2\AppData\Local\{18A6F018-8561-4EBD-8D7F-B5477B264525}
    2011-02-01 16:16 . 2011-02-01 16:16 -------- d-----w- c:\windows\en
    2011-02-01 16:04 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-02-01 16:04 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-02-01 16:04 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2011-02-01 16:04 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2011-02-01 16:04 . 2011-02-01 16:04 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a88975e61cbc22903\MeshBetaRemover.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-26 00:27 . 2010-03-27 12:12 24072 ----a-w- c:\windows\gdrv.sys
    2011-02-25 23:24 . 2010-03-27 23:43 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-02-25 23:24 . 2010-03-27 16:48 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-25 23:22 . 2010-03-27 16:48 234280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-02-02 17:11 . 2010-03-27 10:45 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 15:40 . 2010-05-16 10:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-02-02 15:40 . 2010-05-19 14:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-02-02 15:39 . 2010-05-16 10:01 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-01-27 15:34 . 2010-03-29 21:36 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-27 15:33 . 2010-05-20 10:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-01-27 15:33 . 2010-03-29 21:35 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
    2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 23:00 . 2010-08-04 00:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-01-26 22:59 . 2010-03-03 04:15 708608 ----a-w- c:\windows\system32\aticfx64.dll
    2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-01-26 22:49 . 2010-08-04 00:46 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-01-26 22:40 . 2009-10-07 03:44 4847616 ----a-w- c:\windows\system32\atidxx64.dll
    2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-01-26 22:28 . 2010-03-03 03:46 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-01-26 22:24 . 2010-03-03 03:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
    2011-01-26 22:20 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-01-26 22:12 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-01-26 22:12 . 2010-08-04 00:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-01-26 22:12 . 2010-03-03 03:06 38400 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-01-26 22:12 . 2010-03-03 03:06 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-12-07 12:17 . 2010-12-07 12:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2010-12-07 12:15 . 2010-12-07 12:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-03 23:11 . 2010-03-27 16:48 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 22:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-08-27 5904896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-04-06 149280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-06-29 74752]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

    c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN111\wpn111.exe [2010-3-27 995328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
    R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
    S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [2008-08-05 1075712]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 22:38]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 22:38]

    2010-06-27 c:\windows\Tasks\Install_NSS.job
    - c:\program files (x86)\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
    "Skytel"="Skytel.exe" [2008-07-24 1833504]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    TCP: {00E80E85-562A-4664-A665-738101722AB5} = 192.168.1.1,192.168.1.2
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\a7878fne.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb2ed5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\SecuROM\License information*]
    "datasecu"=hex:c8,99,95,ba,c6,f9,91,d3,ba,eb,87,85,f9,3a,3f,55,b2,71,29,68,20,
    05,51,12,7e,a2,64,1a,dc,49,5b,09,13,d9,cd,ed,22,0b,b3,64,10,76,87,7b,91,f3,\
    "rkeysecu"=hex:7d,07,e4,4b,ce,12,0e,31,31,e7,d4,4b,dd,30,4d,26

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:35,51,a4,65,e6,ed,21,1a,bb,45,87,10,35,b6,26,72,5d,75,fc,52,0d,2f,c9,
    31,25,14,b3,b7,e9,56,1c,5c,22,50,29,0b,66,24,51,3b,c4,84,df,68,87,95,95,e6,\
    "??"=hex:6b,9c,9a,1f,7f,46,30,e4,e2,44,f9,78,92,32,75,73

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\SecuROM\License information*]
    "datasecu"=hex:1d,70,57,0d,45,3d,9e,ab,c4,26,4c,46,ac,3f,e5,57,0c,7f,51,f0,c0,
    45,46,49,27,09,66,86,2c,97,64,8b,fa,f1,f0,6e,22,14,a1,c8,f1,9b,cb,18,cc,e6,\
    "rkeysecu"=hex:43,ee,1c,31,81,97,33,f0,75,63,15,bd,fc,4c,1f,8e

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-26 00:31:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-26 00:31

    Pre-Run: 677,821,517,824 bytes free
    Post-Run: 677,499,887,616 bytes free

    - - End Of File - - 7278A34FADC23D28BEBEF332A6241431
  9. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Uninstall Ask Toolbar, known foistware.

    Combofix log looks fine now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    So far so good, I haven't been redirected or had a BSOD all day.
  11. Broni

    Good news :)
     
  12. Jonny Napalm

    Also how do I uninstall the Ask Toolbar?
  13. Broni

    It should be listed in Control Panel>Programs & Features.
    If it's not, let me know and continue with OTL.
  14. Jonny Napalm

    OTL log

    Nope, it's not there; the only toolbar-related thing in there is the Bing Bar. But anyway, here are the logs for OTL.

    OTL logfile created on: 26/02/2011 01:21:09 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jon_2\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 630.83 Gb Free Space | 67.73% Space Free | Partition Type: NTFS

    Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/26 01:09:31 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jon_2\Desktop\OTL.exe
    PRC - [2010/12/03 23:11:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/09/01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/06/29 04:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/16 07:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/08/17 11:27:36 | 000,995,328 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WPN111\WPN111.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/26 01:09:31 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jon_2\Desktop\OTL.exe
    MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/01/26 22:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/02/25 00:39:30 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/01/05 07:29:19 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
    SRV - [2010/12/03 23:11:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/16 07:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/08 17:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/26 23:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/01/26 23:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/01/26 22:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/30 14:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/30 23:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/04/30 22:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV:64bit: - [2009/04/30 22:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
    DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/11/04 02:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2008/08/05 00:21:48 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPN111vx.sys -- (WPN111)
    DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
    DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
    DRV - [2011/02/26 00:27:38 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 2A 24 CB 9D CD CA 01 [binary data]
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C FB CF 3E FE 39 CB 01 [binary data]
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en&source=iglk"
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
    FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb2ed5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/13 22:43:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/13 22:43:35 | 000,000,000 | ---D | M]

    [2010/03/27 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\mozilla\Extensions
    [2011/01/26 08:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions
    [2010/04/07 19:18:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/08/13 11:53:28 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2011/02/13 22:41:34 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\toolbar@ask.com
    [2010/10/17 17:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/29 04:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    [2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/01/21 23:00:07 | 000,428,769 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 14761 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [Logitech Vid] File not found
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/26 00:31:58 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\temp
    [2011/02/26 00:19:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/26 00:19:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/26 00:19:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/26 00:19:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/26 00:19:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/26 00:01:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/25 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
    [2011/02/25 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
    [2011/02/25 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Leadertech
    [2011/02/25 16:28:59 | 000,000,000 | ---D | C] -- C:\Temp
    [2011/02/25 01:01:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/25 01:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/25 01:01:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/19 21:53:20 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD2 Pure v2.0
    [2011/02/19 21:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoD2 Pure v2.0
    [2011/02/19 21:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoD2 Pure v2.0
    [2011/02/19 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2011/02/19 16:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2011/02/19 16:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
    [2011/02/19 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
    [2011/02/19 16:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2011/02/19 16:19:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/02/18 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop Express Uploader
    [2011/02/18 15:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2011/02/13 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Nero
    [2011/02/12 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
    [2011/02/12 23:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/12 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/10 12:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Voobly
    [2011/02/10 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game
    [2011/02/10 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner
    [2011/02/10 10:45:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/02/09 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite
    [2011/02/09 19:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2011/02/03 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duty Calls
    [2011/02/01 16:16:40 | 000,000,000 | ---D | C] -- C:\Windows\en

    ========== Files - Modified Within 30 Days ==========

    [2011/02/26 00:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/26 00:35:35 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/26 00:35:35 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/26 00:27:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/26 00:27:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/26 00:27:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/26 00:24:37 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/26 00:24:37 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/26 00:24:37 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/25 23:24:02 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/02/25 23:24:02 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/02/25 23:22:58 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011/02/25 17:20:17 | 000,001,029 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2011/02/25 17:18:14 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
    [2011/02/25 17:16:16 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
    [2011/02/25 17:07:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/25 01:50:08 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/02/25 01:01:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/19 21:53:20 | 000,001,968 | ---- | M] () -- C:\Users\Jon\Desktop\CoD2 Pure.lnk
    [2011/02/18 15:50:09 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
    [2011/02/17 18:56:15 | 355,178,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/02/17 18:42:40 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/13 13:18:42 | 000,000,064 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\default.pls

    ========== Files Created - No Company Name ==========

    [2011/02/26 00:19:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/26 00:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/26 00:19:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/26 00:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/26 00:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/25 17:20:17 | 000,001,029 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2011/02/25 17:18:14 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
    [2011/02/25 17:16:16 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
    [2011/02/25 17:07:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/25 01:50:15 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
    [2011/02/25 01:50:07 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2011/02/25 01:01:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/19 21:53:20 | 000,001,968 | ---- | C] () -- C:\Users\Jon\Desktop\CoD2 Pure.lnk
    [2011/02/13 14:49:06 | 355,178,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/02/13 13:18:42 | 000,000,064 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\default.pls
    [2010/10/14 11:08:03 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/08/20 14:02:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/07/09 19:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/07/03 11:52:56 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/04/25 13:28:46 | 000,000,000 | ---- | C] () -- C:\Users\Jon\AppData\Local\prvlcl.dat
    [2010/03/27 16:48:28 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
    [2010/03/27 12:41:35 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/03/27 12:12:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/09/17 19:44:30 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Auslogics
    [2010/10/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\AVG10
    [2011/02/09 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite
    [2011/02/25 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech
    [2010/05/16 19:19:30 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\TeamViewer
    [2010/04/25 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Uniblue
    [2011/02/17 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Audacity
    [2011/02/26 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\AVG10
    [2011/02/24 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Beehta
    [2010/04/21 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    [2011/02/09 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\DAEMON Tools Lite
    [2010/05/19 16:23:04 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Ewen Chia's My Free Website Builder
    [2011/02/08 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Foxit Software
    [2011/02/24 20:33:13 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Olro
    [2010/08/05 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\SystemRequirementsLab
    [2010/06/12 08:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\TeamViewer
    [2010/03/27 19:27:04 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Ubisoft
    [2010/10/22 11:28:43 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Windows Live Writer
    [2011/02/25 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\AVG10
    [2011/01/14 18:42:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/02/25 01:50:08 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/02/26 00:31:56 | 000,030,547 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/27 12:23:51 | 000,000,197 | ---- | M] () -- C:\csb.log
    [2011/02/26 00:27:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/02/26 00:27:30 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/27 12:21:43 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
    [2011/02/26 00:27:42 | 000,000,135 | ---- | M] () -- C:\service.log
    [2011/02/25 09:37:16 | 000,064,764 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_09.36.28_log.txt
    [2011/02/25 16:30:03 | 000,064,172 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_16.29.35_log.txt
    [2011/02/19 22:05:09 | 000,000,065 | ---- | M] () -- C:\tstamps.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/08/02 21:00:50 | 000,551,424 | ---- | M] () -- C:\Windows\TheMatrix.scr
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/06/23 17:36:24 | 000,773,120 | ---- | M] () -- C:\Windows\SysWOW64\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/27 11:08:09 | 000,000,221 | -HS- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/12 08:51:35 | 000,000,402 | -HS- | M] () -- C:\Users\Jon\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
  15. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Extra logs

    Here are the Extra logs

    OTL Extras logfile created on: 26/02/2011 01:21:09 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jon_2\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 630.83 Gb Free Space | 67.73% Space Free | Partition Type: NTFS

    Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
    "{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
    "{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
    "{CDDE7049-3EC8-933E-69C9-C65B3AAD8E24}" = ATI Problem Report Wizard
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EB78DD44-9AEE-7160-4AC3-053636D393C6}" = ATI AVIVO64 Codecs
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F74B11BF-3361-4B33-AF8D-75812E184973}" = SmartFTP Client
    "CCleaner" = CCleaner
    "HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{038B4F30-BA46-41FD-B7A6-492887792CC1}_is1" = Death to Spies (Remove Only)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37643DF0-33B5-4247-B0D9-AF8BACCED127}" = Call of Duty(R) 2 Mod Tools
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3CA23CAC-A4CA-3FA8-C306-561E56C882A7}" = Adobe Photoshop Express Uploader
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
    "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
    "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
    "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
    "{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91311305-E6FC-958E-4AAC-D737C6F2A00E}" = Application Profiles
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{B138D49F-B412-4B4A-9198-374EE0D593B7}" = DSA Motorcyclist Theory Test
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
    "{D5AED751-CD8F-43EF-8720-AD970CBEA741}" = Medal of Honor™ MP Open Beta
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7951681-CCC7-24AA-7BFE-9647F477DCFF}" = HydraVision
    "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE191976-E84B-4D96-9088-77793EF81536}_is1" = Death to Spies: Moment of Truth (Remove Only)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "AMP WinOFF" = AMP WinOFF
    "ArmA 2" = ArmA 2 Uninstall
    "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "CoD2 Pure v2.0" = CoD2 Pure v2.0
    "com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop Express Uploader
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "DivX Setup.divx.com" = DivX Setup
    "EA Download Manager" = EA Download Manager
    "EAX Unified" = EAX Unified
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps (remove only)
    "GameSpy Arcade" = GameSpy Arcade
    "Halloween Desktop Animations_is1" = Halloween Desktop Animations version 1.0
    "Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
    "Hitman: Contracts" = Hitman: Contracts
    "HyperCam Toolbar" = HyperCam Toolbar
    "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{37643DF0-33B5-4247-B0D9-AF8BACCED127}" = Call of Duty(R) 2 Mod Tools
    "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{B138D49F-B412-4B4A-9198-374EE0D593B7}" = DSA Motorcyclist Theory Test
    "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Logitech Vid" = Logitech Vid HD
    "Mafia Game" = Mafia Game
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
    "OpenAL" = OpenAL
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PunkBusterSvc" = PunkBuster Services
    "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "Steam App 10" = Counter-Strike
    "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
    "Steam App 10680" = Aliens vs Predator
    "Steam App 13140" = America's Army 3
    "Steam App 240" = Counter-Strike: Source
    "Steam App 30" = Day of Defeat
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 40" = Deathmatch Classic
    "Steam App 400" = Portal
    "Steam App 4000" = Garry's Mod
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 47770" = Medal of Honor Beta
    "Steam App 50130" = Mafia II
    "Steam App 60" = Ricochet
    "Steam App 80" = Counter-Strike: Condition Zero
    "Steam App 8190" = Just Cause 2
    "TeamViewer 5" = TeamViewer 5
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Battelfield 2 Nuke Mini Mod" = Battelfield 2 Nuke Mini Mod
    "Winamp Detect" = Winamp Detector Plug-in

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Jon_2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/02/2011 09:43:09 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
    stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
    0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
    0x157c Faulting application start time: 0x01cbd4ed2dc77e33 Faulting application path:
    c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
    module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
    Report
    Id: 2e2d9cb4-40e5-11e0-b7af-6cf049506c42

    Error - 25/02/2011 10:50:15 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
    stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
    0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
    0xd48 Faulting application start time: 0x01cbd4f7d4bf9029 Faulting application path:
    c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
    module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
    Report
    Id: 8dc350db-40ee-11e0-b7af-6cf049506c42

    Error - 25/02/2011 13:16:35 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Vid.exe, version: 7.2.7230.0, time stamp:
    0x4c7834b1 Faulting module name: QtWebKit4.dll, version: 4.5.0.14, time stamp: 0x49ada850
    Exception
    code: 0xc0000005 Fault offset: 0x00027207 Faulting process id: 0xc04 Faulting application
    start time: 0x01cbd50fb661c26a Faulting application path: C:\Program Files (x86)\Logitech\Vid
    HD\Vid.exe Faulting module path: C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
    Report
    Id: feb8fe44-4102-11e0-b6a3-6cf049506c42

    Error - 25/02/2011 16:27:11 | Computer Name = JON-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 25/02/2011 18:22:07 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
    stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
    0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
    0x1b5c Faulting application start time: 0x01cbd53835f4f75d Faulting application path:
    c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
    module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
    Report
    Id: ad7b285d-412d-11e0-afe6-6cf049506c42

    Error - 25/02/2011 20:04:11 | Computer Name = JON-PC | Source = MsiInstaller | ID = 11921
    Description =

    Error - 25/02/2011 20:05:32 | Computer Name = JON-PC | Source = MsiInstaller | ID = 11921
    Description =

    Error - 25/02/2011 20:24:21 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
    stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
    stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
    process id: 0x650 Faulting application start time: 0x01cbd54a95046f52 Faulting application
    path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
    path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: c135dced-413e-11e0-8c9a-6cf049506c42

    Error - 25/02/2011 20:30:55 | Computer Name = JON-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
    stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
    stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
    process id: 0x664 Faulting application start time: 0x01cbd54bf93fbfda Faulting application
    path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
    path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: ac0c0d06-413f-11e0-b7f0-6cf049506c42

    Error - 25/02/2011 21:00:05 | Computer Name = JON-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 10/01/2011 12:07:27 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
    Description = 16:07:26 - Error connecting to the internet. 16:07:26 - Unable
    to contact server..

    Error - 12/01/2011 03:38:32 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
    Description = 07:38:32 - Error connecting to the internet. 07:38:32 - Unable
    to contact server..

    Error - 12/01/2011 03:39:07 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
    Description = 07:39:01 - Error connecting to the internet. 07:39:01 - Unable
    to contact server..

    Error - 27/01/2011 05:36:12 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
    Description = 09:36:12 - Error connecting to the internet. 09:36:12 - Unable
    to contact server..

    Error - 27/01/2011 05:36:47 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
    Description = 09:36:41 - Error connecting to the internet. 09:36:41 - Unable
    to contact server..

    Error - 02/02/2011 03:44:39 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
    Description = 07:44:39 - Error connecting to the internet. 07:44:39 - Unable
    to contact server..

    Error - 02/02/2011 03:44:48 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
    Description = 07:44:44 - Error connecting to the internet. 07:44:44 - Unable
    to contact server..

    Error - 11/02/2011 03:46:26 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
    Description = 07:46:26 - Error connecting to the internet. 07:46:26 - Unable
    to contact server..

    Error - 11/02/2011 03:46:37 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
    Description = 07:46:31 - Error connecting to the internet. 07:46:31 - Unable
    to contact server..

    Error - 15/02/2011 12:31:56 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
    Description = 16:31:56 - Failed to retrieve Broadband (Error: The operation has
    timed out)

    [ System Events ]
    Error - 25/02/2011 20:11:24 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the avgwd service.

    Error - 25/02/2011 20:13:23 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 25/02/2011 20:13:24 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Akamai
    NetSession Interface service to connect.

    Error - 25/02/2011 20:19:31 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 25/02/2011 20:19:33 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Akamai
    NetSession Interface service to connect.

    Error - 25/02/2011 20:24:22 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 25/02/2011 20:24:23 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 25/02/2011 20:26:09 | Computer Name = JON-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 25/02/2011 20:26:38 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 25/02/2011 20:30:56 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    You need to reinstall AVG.

    ========================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
      O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/02/10 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner
      [2010/04/25 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Uniblue
      @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  17. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Here's the OTL fix logs. I will post everything else soon.

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Windows Live folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites\MSN Websites folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Microsoft Websites folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Links for United Kingdom folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Links folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities\Favorites folder moved successfully.
    C:\Program Files (x86)\Registry Winner\Utilities folder moved successfully.
    C:\Program Files (x86)\Registry Winner folder moved successfully.
    C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Jon\AppData\Roaming\Uniblue folder moved successfully.
    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Temp folder emptied: 359194 bytes
    ->Temporary Internet Files folder emptied: 2155934 bytes
    ->Java cache emptied: 7140 bytes
    ->FireFox cache emptied: 4854331 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Temp folder emptied: 639243 bytes
    ->Temporary Internet Files folder emptied: 1477674 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 45482519 bytes
    ->Flash cache emptied: 3807 bytes

    User: localadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7103105 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 307531 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 60.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Flash cache emptied: 0 bytes

    User: localadmin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.21.0 log created on 02262011_015808

    Files\Folders moved on Reboot...
    File move failed. C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  18. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Security Check Logs

    Here are the logs from the Security check.

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
  19. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Looks good :)

    Go on.....
  20. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Okay here are the ESET results, two threats were found.

    C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application

    C:\Users\Jon_2\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
  21. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe
      C:\Users\Jon_2\Downloads\registrybooster.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  22. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    OTL logs

    Here are the first set of OTL logs, will post the others soon.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe moved successfully.
    File\Folder C:\Users\Jon_2\Downloads\registrybooster.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Temp folder emptied: 818654 bytes
    ->Temporary Internet Files folder emptied: 35883 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Temp folder emptied: 3425513 bytes
    ->Temporary Internet Files folder emptied: 800489 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 64489597 bytes
    ->Flash cache emptied: 2427 bytes

    User: localadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 306595 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Flash cache emptied: 0 bytes

    User: localadmin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.21.0 log created on 02262011_222024

    Files\Folders moved on Reboot...
    C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Jon_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9J7M8OR\01[1].htm not found!
    File\Folder C:\Users\Jon_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9J7M8OR\ADSAdClient31[1].txt not found!
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  23. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    Second lot of OTL logs

    Here are the second lot of OTL logs

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Temp folder emptied: 464709 bytes
    ->Temporary Internet Files folder emptied: 62096 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Temp folder emptied: 398693 bytes
    ->Temporary Internet Files folder emptied: 62096 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 6568537 bytes
    ->Flash cache emptied: 0 bytes

    User: localadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 240688 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Flash cache emptied: 0 bytes

    User: Jon_2
    ->Flash cache emptied: 0 bytes

    User: localadmin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.21.0 log created on 02262011_223132

    Files\Folders moved on Reboot...
    C:\Users\Jon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  24. Jonny Napalm

    Jonny Napalm TS Rookie Topic Starter Posts: 16

    AVG does this, should I still download this?
  25. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    You're fine then...
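
Added example, not part of the thread or of OTL: a way to cross-check the three OTL fix logs posted above (posts 17, 22 and 23), separating "not found" lines that an earlier success in the same run already explains from objects that were absent on first touch, and listing files whose move was deferred to reboot and that no later log reports as moved. The function names (`norm`, `parse_run`, `review`) are hypothetical, the sample lines are copied from this thread's logs, and the line shapes are assumed to match only this OTL version's output.

```python
import re
from collections import defaultdict

# Constructed sample: result lines copied from the three OTL fix logs in this
# thread, keyed by each log's "log created on" stamp, in posting order.
RUNS = {
    "02262011_015808": r"""
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
File move failed. C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
""",
    "02262011_222024": r"""
C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe moved successfully.
File\Folder C:\Users\Jon_2\Downloads\registrybooster.exe not found.
C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
""",
    "02262011_223132": r"""
C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
""",
}

# Line shapes as they appear in the logs above; the first match wins.
PATTERNS = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:File\\Folder |File |(?:64bit-)?Registry (?:key|value) )"
        r"(?P<t>.+?) not found[.!]$")),
    ("done", re.compile(
        r"^(?:ADS |(?:64bit-)?Registry (?:key|value) )?"
        r"(?P<t>.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
]

def norm(target):
    """Case-fold and map the legacy profile path onto C:\\Users.

    On Windows 7, C:\\Documents and Settings is a junction to C:\\Users, so
    both spellings name the same file.
    """
    t = target.rstrip("\\").lower()
    legacy = "c:\\documents and settings\\"
    return "c:\\users\\" + t[len(legacy):] if t.startswith(legacy) else t

def parse_run(text):
    """Return [(outcome, normalized_target), ...] for one fix log."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        for outcome, rx in PATTERNS:
            m = rx.match(line)
            if m:
                events.append((outcome, norm(m.group("t"))))
                break
    return events

def review(runs):
    """Return (absent_on_first_touch, never_completed) across ordered runs."""
    absent, last_deferred, last_done = [], {}, defaultdict(lambda: -1)
    for idx, (run_id, text) in enumerate(runs.items()):
        handled = set()  # targets this run already moved or deleted
        for outcome, target in parse_run(text):
            if outcome == "done":
                handled.add(target)
                last_done[target] = idx
            elif outcome == "deferred":
                last_deferred[target] = idx
            elif target not in handled:  # not_found with no earlier success
                absent.append((run_id, target))
    # A deferred move counts as completed once the same or a later log
    # reports the file moved.
    stuck = sorted(t for t, i in last_deferred.items() if last_done[t] < i)
    return absent, stuck

if __name__ == "__main__":
    absent, stuck = review(RUNS)
    print("absent on first touch:", absent)
    print("deferred, never reported moved:", stuck)
```

On these lines, the second "not found" for `registrybooster.exe` is accounted for by the junction alias, while the two `LVPrcInj*.dll` files stay in the deferred state through all three logs.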
