Solved Google Redirect and Frequent BSOD on Windows 7

[Jonny Napalm]

Hello, recently I have gotten infected with maleware. This was about 2 weeks ago, I was just about to wipe my computer and start again but then I came accross this site so, here goes.

I am running Windows 7 Home Premium x64 I got infected when trying to find a crack for a game. Since then I have been getting redirected from google and frequent BSOD errors. The errors I have encountered are:

System_Service_Exception
0x0000003B

IRQL_NOT_LESS_OR_EQUAL
0x0000000A

0x0000001E

0x00000024

0x000000F7

These errors usually apear when starting up windows or when trying to install or uninstall programes.

I have read the 8 step thing and have tried them but Step 5and step 4 don't work. When I start up DDS it pops up with a CMD type box telling me what it does and then a notepad full of random characters opens and nothing else happens.
Also when I try to save the logs after I have scanned GMER, a .log file is saved but there are no logs inside of it.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5873

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/02/2011 01:12:28
mbam-log-2011-02-25 (01-12-28).txt

Scan type: Quick scan
Objects scanned: 143782
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Jonny Napalm]

Okay, thanks for reply, here are the logs for the TDSSKiller

2011/02/25 09:36:28.0251 3428 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 09:36:28.0673 3428 ================================================================================
2011/02/25 09:36:28.0673 3428 SystemInfo:
2011/02/25 09:36:28.0673 3428
2011/02/25 09:36:28.0673 3428 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/25 09:36:28.0673 3428 Product type: Workstation
2011/02/25 09:36:28.0673 3428 ComputerName: JON-PC
2011/02/25 09:36:28.0673 3428 UserName: Jon
2011/02/25 09:36:28.0673 3428 Windows directory: C:\Windows
2011/02/25 09:36:28.0673 3428 System windows directory: C:\Windows
2011/02/25 09:36:28.0673 3428 Running under WOW64
2011/02/25 09:36:28.0673 3428 Processor architecture: Intel x64
2011/02/25 09:36:28.0673 3428 Number of processors: 4
2011/02/25 09:36:28.0673 3428 Page size: 0x1000
2011/02/25 09:36:28.0673 3428 Boot type: Normal boot
2011/02/25 09:36:28.0673 3428 ================================================================================
2011/02/25 09:36:28.0829 3428 Initialize success
2011/02/25 09:36:41.0168 4416 ================================================================================
2011/02/25 09:36:41.0168 4416 Scan started
2011/02/25 09:36:41.0168 4416 Mode: Manual;
2011/02/25 09:36:41.0168 4416 ================================================================================
2011/02/25 09:36:43.0945 4416 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/25 09:36:43.0961 4416 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/25 09:36:43.0976 4416 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/25 09:36:44.0007 4416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/25 09:36:44.0023 4416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/25 09:36:44.0054 4416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/25 09:36:44.0070 4416 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/25 09:36:44.0101 4416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/25 09:36:44.0132 4416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/25 09:36:44.0163 4416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/25 09:36:44.0195 4416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/25 09:36:44.0351 4416 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/25 09:36:44.0507 4416 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/02/25 09:36:44.0522 4416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/25 09:36:44.0538 4416 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/25 09:36:44.0553 4416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/25 09:36:44.0585 4416 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/25 09:36:44.0600 4416 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/25 09:36:44.0631 4416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/25 09:36:44.0647 4416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/25 09:36:44.0678 4416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/25 09:36:44.0694 4416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/25 09:36:44.0741 4416 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/02/25 09:36:44.0756 4416 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/02/25 09:36:44.0897 4416 atikmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/25 09:36:44.0975 4416 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/25 09:36:44.0990 4416 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/02/25 09:36:45.0037 4416 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/25 09:36:45.0068 4416 Avgldx64 (91be0147bc27059aba6d0a478adeb1ee) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/02/25 09:36:45.0099 4416 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/02/25 09:36:45.0131 4416 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/02/25 09:36:45.0162 4416 Avgtdia (9140455490a9298f5a43500f1c886afe) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/02/25 09:36:45.0209 4416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/25 09:36:45.0224 4416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/25 09:36:45.0255 4416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/25 09:36:45.0271 4416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/25 09:36:45.0287 4416 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/25 09:36:45.0302 4416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/25 09:36:45.0318 4416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/25 09:36:45.0349 4416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/25 09:36:45.0365 4416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/25 09:36:45.0380 4416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/25 09:36:45.0396 4416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/25 09:36:45.0411 4416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/25 09:36:45.0443 4416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/25 09:36:45.0458 4416 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/25 09:36:45.0489 4416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/25 09:36:45.0521 4416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/25 09:36:45.0552 4416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/25 09:36:45.0567 4416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/25 09:36:45.0599 4416 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/25 09:36:45.0614 4416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/25 09:36:45.0645 4416 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/25 09:36:45.0661 4416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/25 09:36:45.0708 4416 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/25 09:36:45.0723 4416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/25 09:36:45.0739 4416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/25 09:36:45.0786 4416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/25 09:36:45.0817 4416 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/25 09:36:45.0895 4416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/25 09:36:45.0989 4416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/25 09:36:46.0004 4416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/25 09:36:46.0035 4416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/25 09:36:46.0051 4416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/25 09:36:46.0082 4416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/25 09:36:46.0098 4416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/25 09:36:46.0113 4416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/25 09:36:46.0129 4416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/25 09:36:46.0145 4416 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/25 09:36:46.0160 4416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/25 09:36:46.0191 4416 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/02/25 09:36:46.0207 4416 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/25 09:36:46.0238 4416 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/25 09:36:46.0269 4416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/25 09:36:46.0285 4416 gdrv (6275303610285b57361f03a375062fba) C:\Windows\gdrv.sys
2011/02/25 09:36:46.0301 4416 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/25 09:36:46.0332 4416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/25 09:36:46.0363 4416 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/25 09:36:46.0394 4416 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/25 09:36:46.0410 4416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/25 09:36:46.0425 4416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/25 09:36:46.0441 4416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/25 09:36:46.0472 4416 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/25 09:36:46.0488 4416 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/25 09:36:46.0519 4416 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/25 09:36:46.0535 4416 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/25 09:36:46.0566 4416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/25 09:36:46.0597 4416 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/25 09:36:46.0613 4416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/25 09:36:46.0691 4416 IntcAzAudAddService (4a725cdde1a0c3d1b1eaca0d9d0d95d0) C:\Windows\system32\drivers\RTKVHD64.sys
2011/02/25 09:36:46.0722 4416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/25 09:36:46.0737 4416 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/25 09:36:46.0753 4416 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/25 09:36:46.0784 4416 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/25 09:36:46.0800 4416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/25 09:36:46.0815 4416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/25 09:36:46.0831 4416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/25 09:36:46.0847 4416 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/25 09:36:46.0878 4416 JRAID (db85fe8d6cbaa2047cb4da1b2c193d76) C:\Windows\system32\DRIVERS\jraid.sys
2011/02/25 09:36:46.0909 4416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/25 09:36:46.0909 4416 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/25 09:36:46.0940 4416 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/25 09:36:46.0956 4416 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/25 09:36:46.0971 4416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/25 09:36:47.0034 4416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/25 09:36:47.0049 4416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/25 09:36:47.0065 4416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/25 09:36:47.0081 4416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/25 09:36:47.0096 4416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/25 09:36:47.0143 4416 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
2011/02/25 09:36:47.0190 4416 LVPr2M64 (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/25 09:36:47.0205 4416 LVPr2Mon (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/02/25 09:36:47.0221 4416 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/02/25 09:36:47.0252 4416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/25 09:36:47.0268 4416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/25 09:36:47.0283 4416 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/25 09:36:47.0315 4416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/25 09:36:47.0346 4416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/25 09:36:47.0393 4416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/25 09:36:47.0393 4416 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/25 09:36:47.0424 4416 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/25 09:36:47.0439 4416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/25 09:36:47.0471 4416 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/25 09:36:47.0486 4416 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/25 09:36:47.0517 4416 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/25 09:36:47.0533 4416 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/25 09:36:47.0549 4416 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/25 09:36:47.0580 4416 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/25 09:36:47.0595 4416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/25 09:36:47.0611 4416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/25 09:36:47.0627 4416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/25 09:36:47.0658 4416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/25 09:36:47.0673 4416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/25 09:36:47.0689 4416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/25 09:36:47.0705 4416 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/25 09:36:47.0736 4416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/25 09:36:47.0767 4416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/25 09:36:47.0783 4416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/25 09:36:47.0798 4416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/25 09:36:47.0829 4416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/25 09:36:47.0845 4416 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/25 09:36:47.0876 4416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/25 09:36:47.0892 4416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/25 09:36:47.0923 4416 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/25 09:36:47.0939 4416 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/25 09:36:47.0954 4416 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/25 09:36:47.0970 4416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/25 09:36:47.0985 4416 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/25 09:36:48.0032 4416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/25 09:36:48.0048 4416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/25 09:36:48.0063 4416 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/25 09:36:48.0110 4416 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/25 09:36:48.0141 4416 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/25 09:36:48.0173 4416 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/25 09:36:48.0188 4416 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/25 09:36:48.0219 4416 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/25 09:36:48.0266 4416 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/25 09:36:48.0297 4416 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/25 09:36:48.0313 4416 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/25 09:36:48.0344 4416 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
2011/02/25 09:36:48.0375 4416 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2011/02/25 09:36:48.0391 4416 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/25 09:36:48.0407 4416 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/25 09:36:48.0438 4416 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/25 09:36:48.0453 4416 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/25 09:36:48.0469 4416 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/25 09:36:48.0594 4416 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
2011/02/25 09:36:48.0672 4416 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
2011/02/25 09:36:48.0703 4416 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/25 09:36:48.0734 4416 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/25 09:36:48.0812 4416 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/25 09:36:48.0875 4416 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/25 09:36:48.0890 4416 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/25 09:36:48.0906 4416 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/25 09:36:48.0937 4416 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/25 09:36:48.0953 4416 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/25 09:36:48.0984 4416 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/25 09:36:48.0999 4416 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/25 09:36:49.0015 4416 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/25 09:36:49.0031 4416 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/25 09:36:49.0046 4416 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/25 09:36:49.0077 4416 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/25 09:36:49.0109 4416 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/25 09:36:49.0124 4416 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/25 09:36:49.0140 4416 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/25 09:36:49.0202 4416 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/02/25 09:36:49.0280 4416 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/25 09:36:49.0327 4416 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/25 09:36:49.0452 4416 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/25 09:36:49.0483 4416 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/25 09:36:49.0499 4416 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/25 09:36:49.0514 4416 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/25 09:36:49.0561 4416 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/25 09:36:49.0577 4416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/25 09:36:49.0592 4416 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/25 09:36:49.0608 4416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/25 09:36:49.0639 4416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/25 09:36:49.0655 4416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/25 09:36:49.0686 4416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/25 09:36:49.0701 4416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/25 09:36:49.0748 4416 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/25 09:36:49.0779 4416 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/25 09:36:49.0795 4416 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/25 09:36:49.0811 4416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/25 09:36:49.0842 4416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/25 09:36:49.0920 4416 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/25 09:36:49.0982 4416 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/25 09:36:50.0029 4416 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/25 09:36:50.0045 4416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/25 09:36:50.0060 4416 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/25 09:36:50.0076 4416 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/25 09:36:50.0107 4416 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/25 09:36:50.0138 4416 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/25 09:36:50.0154 4416 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/25 09:36:50.0185 4416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/25 09:36:50.0201 4416 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/25 09:36:50.0232 4416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/25 09:36:50.0263 4416 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/25 09:36:50.0279 4416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/25 09:36:50.0310 4416 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/02/25 09:36:50.0325 4416 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/25 09:36:50.0357 4416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/25 09:36:50.0372 4416 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/25 09:36:50.0388 4416 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/25 09:36:50.0419 4416 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/25 09:36:50.0435 4416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/25 09:36:50.0466 4416 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/25 09:36:50.0481 4416 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/25 09:36:50.0513 4416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/25 09:36:50.0528 4416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/25 09:36:50.0544 4416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/25 09:36:50.0575 4416 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/25 09:36:50.0591 4416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/25 09:36:50.0606 4416 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/25 09:36:50.0622 4416 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/25 09:36:50.0653 4416 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/25 09:36:50.0669 4416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/25 09:36:50.0700 4416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/25 09:36:50.0731 4416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/25 09:36:50.0747 4416 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/25 09:36:50.0747 4416 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/25 09:36:50.0793 4416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/25 09:36:50.0809 4416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/25 09:36:50.0856 4416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/25 09:36:50.0887 4416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/25 09:36:50.0949 4416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/25 09:36:50.0996 4416 WPN111 (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\WPN111vx.sys
2011/02/25 09:36:51.0027 4416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/25 09:36:51.0059 4416 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/25 09:36:51.0090 4416 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/25 09:36:51.0137 4416 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/25 09:36:51.0137 4416 ================================================================================
2011/02/25 09:36:51.0137 4416 Scan finished
2011/02/25 09:36:51.0137 4416 ================================================================================
2011/02/25 09:36:51.0137 1940 Detected object count: 1
2011/02/25 09:37:00.0185 1940 \HardDisk0 - will be cured after reboot
2011/02/25 09:37:00.0185 1940 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/25 09:37:16.0955 4832 Deinitialize success

 

[Broni]

Very good

See, if you can run DDS now.

 

[Jonny Napalm]

Nope, when I open DDS it comes up with the DOS box and tells me what it does, it then opens a notepad named PEV - Notepad inside it says this
Also when I right click the DDS icon and go to properties it says its a screensaver file? Screen saver (.scr)

MZ   ÿÿ ¸ @ ð º Í!¸
LÍ!This program cannot be run in DOS mode.

$ ·‘Ú›óð´Èóð´Èóð´Èúˆ!Èéð´Èúˆ0ȶð´Èúˆ7È]ð´ÈÔ6ÙÈðð´ÈÔ6ÏÈàð´ÈóðµÈ\ð´Èúˆ>ÈÃð´Èúˆ%Èòð´ÈRichóð´È PE L
 ”éÐK à 


n   0
@     
 âÆ  @      dâ à ½

 .text Ð  Ò  PEC2]O à.rsrc à  Ö à.reloc 
 è @ À ¸`ïL Pdÿ5 d‰% 3À‰PECompact2 Õ@š› Ȳ,ÚÚ^ÿЄ?šÛ€nØF˜
ž§“êá 0@.‚t"Ä×Í©2„{¹Kû!Ÿ«ŠÁ¿½¸T¶q໸ujŽ©Óq×r
×ç=2ªqñ¡utX”¢Ä¬ï©(I±œï¸QU?va0_„e;h§ˆÎ+@ä(1KEÿ@)ÒªgãÁ¯+ÝdVm`—»P¤ÞÄ{ëìÑãE›¿ØÐÕŸ# ÑO[$ŽÊcÖÙ<šŒ D‡™á3*§ÃšìÕ±hãÆÐÝHß0«„µõfTù¶Ü¤¦’øŒµ~QÐ§Ê eØûqF*Ÿ-‚§Oð`Pü ¿áO#äÈ€ÈÞÉÙ?›{«0LCûT²s÷¼ú¦“©ž·H*…›o¼}‰˜ò·òo•R4Fßf„Ñ^
r!YV–ù®Û]£àfx bñžŠôÀ¡¹åƒ?w…Èç†Ø‚ßjXÁöÿl
ãiÏC*ÛTÒå#.œ BÒÊ*õÙÒ;äúsãl~qt¦í!ôŽp?PuÚc÷ÙÝkðÞª¨ƒƒ2ͱ€VrRv¨âµ‡Ú
¥!nŠ7 2¯@JÛ•óà…+5Ÿ<©Ã}2³õÿˆ[Ñù*÷K)R‰Æy=¢Ü•U¯·Â““Z€šX)¤
"í½:*v8“¸‰º¤8€6‰µˆ Bå(qw"nŸÖ©…€•ßM¯kË_ç÷xà`4|q4-…܇FÛåº`ÑMÕñ§.3À]5_ð‰¯ ¬|¡…yhëÁ(‘³Mü1è)Óå`ië@h¼N¿ÔûȵÛX}´y¨ö¾óÚýMGM/Fâ|4¬˜ NºmÈÂIf0cœRÎd–¬â?áì‡"kÆûIIÄv¸Êç¤ÒMãó_%Äk]¾—÷›3´±PuJ¬wøFyFº×e]àŽ4H=lÿÍ©…÷*=fÙ`k…‚ƒtyBá‰M"vÄ”Z¸Y¯H+&Wz\Æ–õšóo¬›ÊŒ±!ð††¯…zdk0CÔ_xµjŠmq˜7#qv`w€€3“aØZ"㧧˜à ¸3º}ÂÝ#3[ñ¶1Dk«=Ë’ÓW–uxROµZH~ºe7óI>ðñ£Ö
”ø\j¾íö ֧Ȍ4"ò{”1·wíÿÏ?¦ím§ñ'¥saáçh8ü>Zc•*¹º¸äPËxPïrBØ„ÞÉÎ;\¾ ܦ3ŠWÍ¿ôµÂMÚ9R¹=
æÚ ½âÇ–¡Ÿ£Ã±*¦§ÆÅÅS×ØÛè×é:B:"Œû¡8µ Y÷°»B[µø°/‚zeÜÚäí+;fñ9ƒ1h—3ÆÐeqKx¯5«7;²uÍ>ÍáS§UB¯Pj5´’˜u…›##_½º„p9Ì%ø¡ü~ðÐ⯵±°Íd
/~u¨
nE“CoåÈ.p±RC*gç¾ývrYÈ$‘ë÷Éì.
MU'Õ¬8ùrìÛÊÒ«h€“>bŠ#ÉìãcOŠ
è¦BE†ghÜ*3NÃ÷M<?DŒyoÂÿ}sÀ‡þD*£*z|Ö9±'£Ñis½° -½Í(ø1u†Ø1gmkqÒyÔÚX‹øY×2kXŒüqn~¬ fE
$¢†ãÿ<"\t¾_
¸uØÚî›+ð(4",Àr'¢ªcïsV~>¦Ð¦¢}Qþ|(œþxŸª,*J6}›VØl\Ïø6äª8*-ö+zL·Þ—nH åú¢8ƒoÉÈC*þæeNVKlc²+ѹYó!´p– Û-Â*¯›¢Û;«Û~
\-—gV*×9± Á†3Ï€Å^ºr±Òó™‘Æ„gIì:΃^«ÿ{Ó°ÖOAuìÂg¿ø±ÒĉE0 û¦kå…W(‰É~ËÈkñ„x©¼·âÿÃi¾âÅܧRùð›Ë‰/ê’…÷®ä½Ü•™¼››²zÅïx¦ö%§’Eê×LvJ‹Î)[KC,œ¾Ü¢ªI´¨ð
2å¹#”G ÅÅwgFÎ*Ð/Âþ]‘ÄM5³®š)‚W-Š›=oöÌãNLòÔË8Ôltý;|µªf†qòtHŒí:±\«Ó(
!?ÀÜZ =ñÎï––¬$À¬¢/(þ3®¸ÿ™¯~
qS¨æ(2±ïÂTE• ƒ^PJ…TÕjË“)¬¹D÷!ÌývÑt›bÖôæ*vé&äòŠ×›Ü›’¸:„S²=ãJ„"+> åiÓ¹ƒŠ‚PÓ)t½÷Ý‘¨ŠW¾œ|§R‘¥Ô·`"+FN© d]I
ùH^n)اÌ$¼/¹«Þ˜æÇî!J),ÎPFîà@·æ4LÈËAê|Å>Jì‰sÉå*&Žr×|-ø×€DÚI¼¿Gcí‡ânÌÿ0õ/éþ|·M[赩*²˜Pv‹ž0GýŠl·˜
8‘u#á)Z¯ãÂFćõaåöN™šˆÀ¢ü>`[fYY¢˜¦›€ÄIJ’?CìÄG@À'KN_"Λ+…˜¹;Qš³Ô‘áÿŠ5¬£M’`ÂŽ`,Ü—µóu*è²Ð z•½Ý¹X*jn1œántü§ÇäxñuÑOj W#ÛçŽ6Ï×Í@í$(¢(eàýë´•€ êÙ©Ò%eUA8Í
*2š`,W8Ï.d»BiÌS¹- -XóE»;zàhu4ûØhOXgã–̲ÄXm‚–8ÅÔj{%$Þ1–îá}Ó¯ì3q8×Çzä'4é[ªµ®¼
£IµsÄ©JŠ†[óŽ§uh[é‹h–‘l¨tt¥5ŠA*‹õ¤fîÖ;šCO«7ؼ®‰>¡û*fHkb°¸–3wK¡Ú€,?gúà¦ËD8LRä<NÇXU‰Bú7¾
™Ÿ©G_!knƾђ
J?? cùŸëÚú¤ƒ •lÖ]Äà
º€ТÚÚ‹–R#XI¡‡ŠM,£oq›d5
gùW‘%í@K+@K?'!Ñu×nh8g—½i‡wx
¹}±Äxøæº
pÅuæm³òìÔü‚¦ßÿÙ‡jsLA#¬’;L—¥ÔÀ8,„±EÙŸïç‰âÏwì8¹×³Á?¥SuÖmîÆöÌ‚¦P€¬¨<gfƒ êÂ\B.YIn6}så*'G•NÜÔDA–GV^E‰q— Ûžúðoi×Õÿ6E¸'bÃç{!q_2fö¹2¦òBI é(|ù³ou¯ÓT–_jœ¶`´„Ór½ç¶1°«×„”|®;Ô’Žœ§©gá—lõ6·]*ÚéóÃwœ^03†¤ÛÁB…ØØ“R É\ƒíL2íSгr_M¦‰gñÜ×çõ€ÒuÛõÖoY»Ÿ
VµvÌ®‰Eª iééDÁɳµ5Q^ÂD´0¤|DU¢…úÁ@6l™I
þ8
±ÏOé¾+<yƒÐ?*ÄÈø¶ª£\ÜØù¥È㧃OÒ6.dü3
´Âõv.)Èñ(ó‚ñýqB5‰L3ÌTtë4“>²@Õ;Âtúe“„dXW™öîCÄ¥Ô–Î$¢’c
‡HgO¢AÒ •
–=IÙ‘¦DÔ1,°0ü¤Ïõ™•h=ý:C'=)Ç{„:¢lÔ&ÝÜÁ´V¼œqÇW¦ÈõÎ!d‹ÌØz¬y“ üè;ä)kœº Í–~&ñŽXSØš<Gvì»3WŠ47F¡<î7”ôd0Æ$B––
Ìy‡…—³×–Ÿ ~#|EîáÁg%a®œé/Z:ZžHÒáóðû«„ĶPhsX˜ú!urͤ^
o
{æ‹k•Ý<Rv âØ)#ú<rž63è܈¶qBÒ§k¸C‘S}
ÚÑ+‘Ï…ýú³Šg··0¥Ü•>¦(–J`îbëõQ=ðn}ýñ™Ê'0é\AWÒ¯‹b¨‚WW¹ÍÖHpð¾qN•oibJ’ÕzdÝYM¤àylùã'|¨§ðÙºa &µúí™äÄZXN¢F¦½€…I@r )@HfEƒ\ä/ש¡Ðie«ÄS³œ‚-æóƒf¥$-'þ¨Û&¨žØCMéF$”¹‚¬ ·ˆ½àmK'}cÄ-!¬Å0aH=¾@ ¨ó/†ÝÛ›_$YXiz
¨ˆ_²,½z·è¾² 2WíôÐD‚m:~^—¿'jMÝ÷Êò5$õÍ”%n†gÊXÓbõîäá8Ðb veÈIW2æSˆpöYå¥Ñe@FD
Ø>£oUV˳w½lCù ix5þ?ÑFú¹@™”¬|*€7$)Â7µL‚ö?ùb
g\\¹P4Ô(¬!…`Ñ«ö»†(Eö»‚ãwò „Ö60rë‹znµqq*6žc=ym|S‚SFÜfžÅl ‰ô¤Þ…á,c¥j‚O™°÷FìXr}Ará§rS&äåÍh¡tØ ƒÈȽÇår¥1àë_àç‡KWQ0úøþŸùz¬ÏL3³‚§£-Üù‡ Ò¾nb³’ š+%óU_r3© >jêßÏïnʦsÅÉ]YŽÔ T<Áñ× ŽÌÅôÿãÕi»ñUsòWEkƒvÒè€ÿû€»O^IÃÑÊx¯»ãµ$Â/VŒ5 …ììU|)y{ÿÔµéÇE͘l³š´Oe„ F²SŸH «ŸÄr@•›ƒÌ`d)Ý'ËK‡‡€›¸âÌŽ|ÔÁ_~NDà·v_A¼‚a˜êÊ;‰ +ç)%6ÝNt1ÒrH©/çÐù•íÉ…€Ãèœ,öxs[ ¹Ãg~¯F\ɶ=òþLMZ®Ë¥fŠRf˜Ê-ô3Ä¥Hv}µ|E3ÁÒÙ݈!§ùʹ”™’Aní2P§x©+NÝ
` þàbáÿnN´Ü¹~aªã]ÉÄEѸ•ÛºÁ8-“€¸’à‰1¡õ¦Ë§æXûžëÓ²ËÒ·‚•8se‚\2¬–C7c›djpóXýâ£]f+“$OX¹ ÞÉžÇÆ=¬o ý⇱d˜¶¦ú4ݲSê'ÖDê•h”êA„†:EUTÕ„˜ÀJLL"¿C(Ôs¨[˜¦A¿ÝLÚ`+t¿Dà2Žg˜t‚%µßîÌUù]öO È•Ÿ¥*74Ø Æ½µºÈ
(G¢”õÐ>:ÍN`.šù_½˜à¡Qƒ÷'’WJ~ˆ4ñ:¿.KÓ”p¨ÙacîÚßÏ
ˆpA%²y•Å¥kH°ÖŠWõÏoЧ|Èq¥II_{ÈÎë=äbÆGÆP»à¯ËݳxJ íT
…žñ$åÀqÉŽ\Œå)…6£Ø{ƒI[&S€É/.%nŸBZïÿfû¦Fûù ¦‡ˆ]à¤ØàH©ºFzmÀÏ×Ö8slnï˜ÊYÞ2'¢ÑÔƒ¹u|ÞY¿U³¯5ðs
+ÛóáK¦KèDú]•OÎðHâžF<´5²¿OÅÜï ÇgPüõ´
^Ó9•æ@¸cêðöé¶Ý“ë‹:"¡÷šÒ)îm¸eê$É‚ø9}æ8ùŸ#PÑ8êü,6™åÊ´(ú—JÔ´&5¿3²Óü#¼EÀìó|WÎòȆú?ñd¢×ßZÌŠ1—3

And continues on for ages.

 

[Jonny Napalm]

Okay managed to sort it, everytime I closed the notepad it would open up again, I had to keep clicking the close button, but in the end I got the logs I needed so, here you are.

DDS logs

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jon_2 at 18:11:21.39 on 25/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2277 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
svchost.exe
svchost.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jon_2\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files (x86)\hypercam toolbar\tbcore3.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files (x86)\hypercam toolbar\tbcore3.dll
TB: @c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AVG_TRAY] c:\program files (x86)\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNTI3NDU4LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEMrMQ"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wpn111\wpn111.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files (x86)\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {00E80E85-562A-4664-A665-738101722AB5} = 192.168.1.1,192.168.1.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files (x86)\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\syswow64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\syswow64\rundll32.exe c:\windows\syswow64\mscories.dll,Install
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\syswow64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "c:\windows\syswow64\rundll32.exe" "c:\windows\syswow64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx64.sys --> c:\windows\system32\drivers\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx64.sys --> c:\windows\system32\drivers\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx64.sys --> c:\windows\system32\drivers\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\drivers\avgtdia.sys --> c:\windows\system32\drivers\avgtdia.sys [?]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;c:\program files (x86)\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-3-29 1153368]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys --> c:\windows\system32\drivers\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys --> c:\windows\system32\drivers\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\atihdw76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
R3 lvpepf64;Volume Adapter;c:\windows\system32\drivers\lv302a64.sys --> c:\windows\system32\drivers\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys --> c:\windows\system32\drivers\lvrs64.sys [?]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\pcasp50a64.sys --> c:\windows\system32\drivers\PCASp50a64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\rt64win7.sys --> c:\windows\system32\drivers\Rt64win7.sys [?]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111vx.sys --> c:\windows\system32\drivers\WPN111vx.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\gigabyte\energysaver\GSvr.exe [2010-3-27 68136]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-23 136176]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\pcamp50a64.sys --> c:\windows\system32\drivers\PCAMp50a64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 18:19:12.60 ===============



Attach logs

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/03/2010 10:27:40
System Uptime: 25/02/2011 17:23:40 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EX58-UD3R
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 1366 | 1983/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 632.736 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Express Uploader
Akamai NetSession Interface
Aliens vs Predator
America's Army 3
AMP WinOFF
Apple Application Support
Apple Software Update
Application Profiles
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Ask Toolbar
Assassin's Creed
ATI Catalyst Registration
Audacity 1.3.12 (Unicode)
Auslogics BoostSpeed
Auslogics Disk Defrag
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield: Bad Company™ 2
Bing Bar
Bing Bar Platform
Browser Configuration Utility
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 2
Call of Duty(R) 2 Mod Tools
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CoD2 Pure v2.0
Counter-Strike
Counter-Strike: Condition Zero
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Source
D3DX10
Day of Defeat
Death to Spies (Remove Only)
Death to Spies: Moment of Truth (Remove Only)
Deathmatch Classic
DivX Setup
DSA Motorcyclist Theory Test
EA Download Manager
EA Download Manager UI
EAX Unified
Energy Saver Advance B8.1208.1
Far Cry 2
Foxit Reader
Fraps (remove only)
GameSpy Arcade
Garry's Mod
Gigabyte Raid Configurer
Google Earth
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
GRID
GTA San Andreas
Half-Life 2: Deathmatch
Halloween Desktop Animations version 1.0
Hitman 2: Silent Assassin
Hitman Blood Money
Hitman: Contracts
HydraVision
HyperCam Toolbar
Java(TM) 6 Update 16
Junk Mail filter update
Just Cause 2
Logitech Vid HD
Mafia Game
Mafia II
Malwarebytes' Anti-Malware
Mass Effect
Medal of Honor (TM)
Medal of Honor Beta
Medal of Honor™ MP Open Beta
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.2pre)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
NVIDIA PhysX
OpenAL
Portal
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Ricochet
Roblox for Jon_2
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHOUTcast Source DSP 1.9.1 (remove only)
Silent Hunter 4 Wolves of the Pacific
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Spybot - Search & Destroy
Steam
System Requirements Lab
TeamSpeak 3 Client
TeamViewer 5
The Godfather™ II
The Lord of the Rings FREE Trial
The Matrix - Path of Neo
The Sims 2
The Sims 2 Nightlife
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Teen Style Stuff
TheMatrix Screen Saver version 1.14
Tom Clancy's H.A.W.X
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 14.0
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

25/02/2011 09:38:34, Error: WPN111 [5003] - NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 : Could not find a network adapter.
25/02/2011 02:51:59, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user JON-PC\Jon (243) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
25/02/2011 01:54:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000013a00000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ecc995). A dump was saved in: C:\Windows\Minidump\022511-39140-01.dmp. Report Id: 022511-39140-01.
25/02/2011 01:43:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff8a00d88f03e, 0x0000000000000002, 0x0000000000000001, 0xfffff80003169901). A dump was saved in: C:\Windows\Minidump\022511-37502-01.dmp. Report Id: 022511-37502-01.
25/02/2011 01:02:43, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2011 00:42:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e5bd29). A dump was saved in: C:\Windows\Minidump\022511-25864-01.dmp. Report Id: 022511-25864-01.
25/02/2011 00:39:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
25/02/2011 00:39:43, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/02/2011 00:38:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e912b3). A dump was saved in: C:\Windows\Minidump\022511-33509-01.dmp. Report Id: 022511-33509-01.
24/02/2011 21:33:26, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
24/02/2011 20:32:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ea02b3). A dump was saved in: C:\Windows\Minidump\022411-35771-01.dmp. Report Id: 022411-35771-01.
24/02/2011 18:32:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880055e0000, 0x0000000000000008, 0xfffff880055e0000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022411-37190-01.dmp. Report Id: 022411-37190-01.
24/02/2011 18:13:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
24/02/2011 18:13:23, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/02/2011 18:10:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
24/02/2011 18:08:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
24/02/2011 10:10:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
24/02/2011 10:10:27, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b990993e620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022411-36363-01.dmp. Report Id: 022411-36363-01.
23/02/2011 09:32:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b9909cff620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\022311-42681-01.dmp. Report Id: 022311-42681-01.
20/02/2011 19:16:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000013a00000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e92995). A dump was saved in: C:\Windows\Minidump\022011-39686-01.dmp. Report Id: 022011-39686-01.
20/02/2011 19:09:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff880012c91b7, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\022011-37877-01.dmp. Report Id: 022011-37877-01.
19/02/2011 21:57:12, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
19/02/2011 16:51:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff8a00ff6f03e, 0x0000000000000002, 0x0000000000000001, 0xfffff800031b1901). A dump was saved in: C:\Windows\Minidump\021911-42510-01.dmp. Report Id: 021911-42510-01.
19/02/2011 16:28:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
19/02/2011 16:28:06, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/02/2011 16:21:30, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
19/02/2011 16:21:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/02/2011 16:21:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/02/2011 16:21:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
19/02/2011 16:21:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
19/02/2011 16:21:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/02/2011 16:21:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/02/2011 16:21:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy rdbss spldr tdx Wanarpv6 WfpLwf
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/02/2011 16:21:11, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
19/02/2011 16:21:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0x0000000000000200, 0x0000000000000008, 0x0000000000000200). A dump was saved in: C:\Windows\Minidump\021911-38157-01.dmp. Report Id: 021911-38157-01.
19/02/2011 13:37:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000318ecec, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\021911-45645-01.dmp. Report Id: 021911-45645-01.
18/02/2011 17:45:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002e8d995, 0xfffff8800976aab0, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\021811-43383-01.dmp. Report Id: 021811-43383-01.

==== End Of File ===========================

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Jonny Napalm]

Alright, here are the ComboFix logs.

ComboFix 11-02-24.05 - Jon 26/02/2011 0:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2877 [GMT 0:00]
Running from: c:\users\Jon_2\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}
c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome.manifest
c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome\content\_cfg.js
c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\chrome\content\overlay.xul
c:\users\Jon_2\AppData\Local\{D962FDEF-A62C-4110-BFA6-2759C01EFF09}\install.rdf
c:\users\Jon_2\AppData\Roaming\Adobe\plugs
c:\windows\system32\system
c:\windows\SysWow64\system
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.

2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\Jon\AppData\Local\temp
2011-02-26 00:26 . 2011-02-26 00:26 -------- d-----w- c:\users\localadmin\AppData\Local\temp
2011-02-25 17:18 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-02-25 17:18 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-02-25 17:18 . 2009-04-30 23:01 327576 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-02-25 17:18 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-02-25 17:18 . 2009-04-30 22:55 2755096 ----a-w- c:\windows\system32\drivers\LV302V64.SYS
2011-02-25 17:18 . 2009-04-30 22:55 15896 ----a-w- c:\windows\system32\drivers\lv302a64.sys
2011-02-25 17:18 . 2011-02-25 17:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-02-25 17:18 . 2011-02-25 17:18 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-02-25 17:09 . 2011-02-25 17:09 -------- d-----w- c:\users\Jon\AppData\Roaming\Leadertech
2011-02-25 16:33 . 2011-02-25 16:33 -------- d-----w- c:\users\localadmin\AppData\Local\AVG Security Toolbar
2011-02-25 16:29 . 2011-02-21 11:09 1372248 ----a-w- c:\temp\TDSSKiller.exe
2011-02-25 16:28 . 2011-02-25 16:29 -------- d-----w- C:\Temp
2011-02-25 16:28 . 2011-02-25 16:28 -------- d-----w- c:\users\localadmin\AppData\Roaming\AVG10
2011-02-25 12:56 . 2011-02-25 12:56 -------- d-----w- c:\users\Jon_2\AppData\Local\{88430FA7-D08E-46B7-82E0-F9216D08ECBB}
2011-02-25 01:50 . 2008-06-24 13:45 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll
2011-02-25 01:01 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-25 01:01 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 00:56 . 2011-02-25 00:56 -------- d-----w- c:\users\Jon_2\AppData\Local\{087319EA-1C70-4E5E-B7DD-B07F5BEC5227}
2011-02-25 00:40 . 2011-02-25 00:41 -------- d-----w- c:\users\Jon_2\AppData\Local\{7D3F62DA-BBF4-4F2C-890E-C6A40571F64C}
2011-02-24 11:33 . 2011-02-02 17:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C8AEBDD-AD9F-4DDD-8E39-A981659AC563}\mpengine.dll
2011-02-24 10:12 . 2011-02-24 10:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{EEB884B6-56B4-4E08-80A9-7F5BE2944F7B}
2011-02-23 10:14 . 2011-02-23 10:14 -------- d-----w- c:\users\Jon_2\AppData\Local\{A65B08F6-0944-474D-AC5E-A816297FC09E}
2011-02-22 10:13 . 2011-02-22 22:14 -------- d-----w- c:\users\Jon_2\AppData\Local\{1AC84E07-9998-40F1-851C-60A733F42E59}
2011-02-21 22:13 . 2011-02-21 22:13 -------- d-----w- c:\users\Jon_2\AppData\Local\{C71A1275-2CFF-4103-A23B-5D81DAFA64EA}
2011-02-21 10:12 . 2011-02-21 10:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{58CEA6EE-8D54-4716-87F3-4BD29D54E0D6}
2011-02-20 19:19 . 2011-02-20 19:20 -------- d-----w- c:\users\Jon_2\AppData\Local\{B5905913-7757-4DCB-9FAD-46F56C7B8B9E}
2011-02-20 19:12 . 2011-02-20 19:12 -------- d-----w- c:\users\Jon_2\AppData\Local\{7C4032E0-D7F1-4634-B0EF-FE0162F236B6}
2011-02-19 21:53 . 2011-02-19 21:53 -------- d-----w- c:\program files (x86)\CoD2 Pure v2.0
2011-02-19 20:51 . 2011-02-19 20:51 -------- d-----w- c:\users\Jon_2\AppData\Local\{8415484E-F446-4095-9C3C-9C33E97238AD}
2011-02-19 16:31 . 2011-02-19 16:31 -------- d-----w- c:\programdata\ATI
2011-02-19 16:28 . 2011-02-19 16:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-02-19 16:28 . 2011-02-19 16:28 -------- d-----w- c:\program files (x86)\ATI Stream
2011-02-19 08:50 . 2011-02-19 08:51 -------- d-----w- c:\users\Jon_2\AppData\Local\{38562501-9BC4-49CA-8768-9B9B84424AC9}
2011-02-18 15:50 . 2011-02-18 15:50 -------- d-----w- c:\program files (x86)\Adobe Photoshop Express Uploader
2011-02-18 15:36 . 2011-02-18 15:37 -------- d-----w- c:\users\Jon_2\AppData\Local\{9672CB16-FC9D-41DA-ABAA-F6B65F70DC66}
2011-02-17 19:57 . 2011-02-17 19:58 -------- d-----w- c:\users\Jon_2\AppData\Local\{6FFBA430-C840-4F2F-8987-0A5F84B3E76C}
2011-02-17 18:36 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-02-17 07:57 . 2011-02-17 07:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{C891236F-6A02-4A14-BDD8-7660102A2D0A}
2011-02-16 15:32 . 2011-02-16 15:32 -------- d-----w- c:\users\Jon_2\AppData\Local\{3BEBE00C-EC17-4921-AFE7-DBE9A793E472}
2011-02-15 16:15 . 2011-02-15 16:15 -------- d-----w- c:\users\Jon_2\AppData\Local\{3D5D5DFE-5A92-4109-846F-D2DAADCFC94F}
2011-02-14 17:00 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-14 17:00 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-14 17:00 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll
2011-02-14 16:57 . 2011-02-14 16:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{0416637F-7274-4616-B3F6-2A2096A0B9E5}
2011-02-13 20:40 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-13 20:40 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-13 20:40 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-13 20:40 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-13 15:15 . 2011-02-13 15:15 -------- d-----w- c:\users\Jon_2\AppData\Local\{2EA740A1-74AA-4708-93CC-2D7347B272E9}
2011-02-13 13:18 . 2011-02-13 13:18 -------- d-----w- c:\users\Jon\AppData\Roaming\Nero
2011-02-13 12:59 . 2010-03-16 20:47 23000 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-02-13 12:59 . 2010-03-16 20:47 138712 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-02-13 12:59 . 2010-03-16 20:47 17880 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2011-02-13 00:08 . 2011-02-13 00:08 -------- d-----w- c:\users\Jon_2\AppData\Roaming\Malwarebytes
2011-02-12 23:19 . 2011-02-12 23:19 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes
2011-02-12 23:19 . 2011-02-12 23:19 -------- d-----w- c:\programdata\Malwarebytes
2011-02-12 23:19 . 2011-02-25 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-12 23:03 . 2011-02-12 23:03 -------- d-----w- c:\users\Jon_2\AppData\Local\{6CED28A7-E252-42C6-BE5F-D265EE9B9F0C}
2011-02-12 11:02 . 2011-02-12 11:02 -------- d-----w- c:\users\Jon_2\AppData\Local\{AD562423-7DD3-4344-A32E-529FC6A74872}
2011-02-12 10:57 . 2011-02-12 10:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{A5A4B3AE-3567-483B-8ACC-010A868227C0}
2011-02-12 10:54 . 2011-02-12 10:54 -------- d-----w- c:\users\Jon_2\AppData\Local\{71CC6630-F2C2-4ECF-AB5D-B58718A7BE5E}
2011-02-11 16:05 . 2011-02-11 16:05 -------- d-----w- c:\users\Jon_2\AppData\Local\{1B69EA80-55ED-4B59-89A1-1B7EED46ED94}
2011-02-10 21:49 . 2011-02-10 21:49 -------- d-----w- c:\users\Jon_2\AppData\Local\{93FE847E-6AC9-4864-A382-7E6DCD0B5623}
2011-02-10 12:09 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Voobly
2011-02-10 11:37 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game
2011-02-10 10:52 . 2011-02-13 22:43 -------- d-----w- c:\program files (x86)\Registry Winner
2011-02-10 09:48 . 2011-02-10 09:49 -------- d-----w- c:\users\Jon_2\AppData\Local\{6D4B6ADA-DAD8-4C06-ABBC-8EE6B4F1E704}
2011-02-10 09:20 . 2011-02-10 09:21 -------- d-----w- c:\users\Jon_2\AppData\Local\{DC63AF32-F6AB-4838-8E10-98E11E6A1054}
2011-02-09 20:35 . 2011-02-09 20:35 -------- d-----w- c:\users\Jon_2\AppData\Local\{0B77DC30-E087-4D1B-8675-A05A29D4A3C3}
2011-02-09 19:49 . 2011-02-09 19:49 -------- d-----w- c:\users\Jon_2\AppData\Roaming\DAEMON Tools Lite
2011-02-09 19:42 . 2011-02-09 22:35 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-02-09 19:42 . 2011-02-09 19:42 -------- d-----w- c:\users\Jon\AppData\Roaming\DAEMON Tools Lite
2011-02-09 08:35 . 2011-02-09 08:35 -------- d-----w- c:\users\Jon_2\AppData\Local\{9539565D-796B-4BF2-B1E1-91D1BEDD0426}
2011-02-08 15:44 . 2011-02-08 15:44 -------- d-----w- c:\users\Jon_2\AppData\Roaming\Foxit Software
2011-02-08 15:30 . 2011-02-08 15:30 -------- d-----w- c:\users\Jon_2\AppData\Local\{E0B2A0A9-4CE3-4FA9-88CE-94A471F8728C}
2011-02-07 20:06 . 2011-02-07 20:06 -------- d-----w- c:\users\Jon_2\AppData\Local\{F124E468-7596-407A-AF4C-8BF1B0F6F6EC}
2011-02-07 08:05 . 2011-02-07 08:05 -------- d-----w- c:\users\Jon_2\AppData\Local\{2367CD32-EA7B-4975-8597-1A65EA819547}
2011-02-06 18:24 . 2011-02-06 18:24 -------- d-----w- c:\users\Jon_2\AppData\Local\{19003CF6-1429-4EE6-B230-6B3C5AE33F13}
2011-02-05 08:57 . 2011-02-05 08:57 -------- d-----w- c:\users\Jon_2\AppData\Local\{55CD77F3-4F39-4ABF-96BE-F0CC5A232CC2}
2011-02-04 16:08 . 2011-02-04 16:08 -------- d-----w- c:\users\Jon_2\AppData\Local\{57B259FA-E0FB-41A1-8050-E18CB4481C89}
2011-02-03 22:23 . 2011-02-03 22:24 -------- d-----w- c:\users\Jon_2\AppData\Local\{F0D9BCAA-D8DE-464E-9270-3E134D647854}
2011-02-03 21:51 . 2011-02-03 21:51 -------- d-----w- c:\program files (x86)\Duty Calls
2011-02-03 10:23 . 2011-02-03 10:23 -------- d-----w- c:\users\Jon_2\AppData\Local\{91705F3C-3424-4ECF-9ACC-5CE53121DB4E}
2011-02-02 15:37 . 2011-02-02 15:37 -------- d-----w- c:\users\Jon_2\AppData\Local\{34D68A17-F69B-48CE-AD55-B9457A021A99}
2011-02-01 19:45 . 2011-02-01 19:45 -------- d-----w- c:\users\Jon_2\AppData\Local\{18A6F018-8561-4EBD-8D7F-B5477B264525}
2011-02-01 16:16 . 2011-02-01 16:16 -------- d-----w- c:\windows\en
2011-02-01 16:04 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-01 16:04 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-01 16:04 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-02-01 16:04 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-02-01 16:04 . 2011-02-01 16:04 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a88975e61cbc22903\MeshBetaRemover.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 00:27 . 2010-03-27 12:12 24072 ----a-w- c:\windows\gdrv.sys
2011-02-25 23:24 . 2010-03-27 23:43 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-25 23:24 . 2010-03-27 16:48 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-25 23:22 . 2010-03-27 16:48 234280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-02-02 17:11 . 2010-03-27 10:45 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 15:40 . 2010-05-16 10:01 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-02 15:40 . 2010-05-19 14:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-02 15:39 . 2010-05-16 10:01 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-27 15:34 . 2010-03-29 21:36 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-27 15:33 . 2010-05-20 10:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-27 15:33 . 2010-03-29 21:35 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-08-04 00:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-03-03 04:15 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2010-08-04 00:46 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-10-07 03:44 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2010-03-03 03:46 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2010-03-03 03:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2010-08-04 00:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2010-03-03 03:06 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2010-03-03 03:06 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-12-07 12:17 . 2010-12-07 12:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 12:15 . 2010-12-07 12:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-03 23:11 . 2010-03-27 16:48 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-08-27 5904896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-04-06 149280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-06-29 74752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN111\wpn111.exe [2010-3-27 995328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [2008-08-05 1075712]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 22:38]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 22:38]

2010-06-27 c:\windows\Tasks\Install_NSS.job
- c:\program files (x86)\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: {00E80E85-562A-4664-A665-738101722AB5} = 192.168.1.1,192.168.1.2
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\a7878fne.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb2ed5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\SecuROM\License information*]
"datasecu"=hex:c8,99,95,ba,c6,f9,91,d3,ba,eb,87,85,f9,3a,3f,55,b2,71,29,68,20,
05,51,12,7e,a2,64,1a,dc,49,5b,09,13,d9,cd,ed,22,0b,b3,64,10,76,87,7b,91,f3,\
"rkeysecu"=hex:7d,07,e4,4b,ce,12,0e,31,31,e7,d4,4b,dd,30,4d,26

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:35,51,a4,65,e6,ed,21,1a,bb,45,87,10,35,b6,26,72,5d,75,fc,52,0d,2f,c9,
31,25,14,b3,b7,e9,56,1c,5c,22,50,29,0b,66,24,51,3b,c4,84,df,68,87,95,95,e6,\
"??"=hex:6b,9c,9a,1f,7f,46,30,e4,e2,44,f9,78,92,32,75,73

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,70,57,0d,45,3d,9e,ab,c4,26,4c,46,ac,3f,e5,57,0c,7f,51,f0,c0,
45,46,49,27,09,66,86,2c,97,64,8b,fa,f1,f0,6e,22,14,a1,c8,f1,9b,cb,18,cc,e6,\
"rkeysecu"=hex:43,ee,1c,31,81,97,33,f0,75,63,15,bd,fc,4c,1f,8e

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-02-26 00:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-26 00:31

Pre-Run: 677,821,517,824 bytes free
Post-Run: 677,499,887,616 bytes free

- - End Of File - - 7278A34FADC23D28BEBEF332A6241431

 

[Broni]

Uninstall Ask Toolbar, known foistware.

Combofix log looks fine now.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Jonny Napalm]

How is computer doing?

So far so good, I haven't been redirected or had a BSOD all day.

 

[Broni]

Good news

 

[Jonny Napalm]

Also how do I uninstall the Ask Toolbar?

 

[Broni]

It should be listed in Control Panel>Programs & Features.
If it's not, let me know and continue with OTL.

 

[Jonny Napalm]

OTL log

Nope it's not there, the only toolbare related thing in there is the Bing Bar. But anyways here are the Logs for the OTL

OTL logfile created on: 26/02/2011 01:21:09 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jon_2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 630.83 Gb Free Space | 67.73% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/26 01:09:31 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jon_2\Desktop\OTL.exe
PRC - [2010/12/03 23:11:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/29 04:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/16 07:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/08/17 11:27:36 | 000,995,328 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WPN111\WPN111.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/02/26 01:09:31 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Jon_2\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/26 22:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/25 00:39:30 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/05 07:29:19 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/03 23:11:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/16 07:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/08 17:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/26 23:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/01/26 23:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 22:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 14:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 22:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/04/30 22:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/04 02:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/08/05 00:21:48 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPN111vx.sys -- (WPN111)
DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2011/02/26 00:27:38 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 2A 24 CB 9D CD CA 01 [binary data]
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C FB CF 3E FE 39 CB 01 [binary data]
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb2ed5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/13 22:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/13 22:43:35 | 000,000,000 | ---D | M]

[2010/03/27 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\mozilla\Extensions
[2011/01/26 08:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions
[2010/04/07 19:18:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/13 11:53:28 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/02/13 22:41:34 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Jon\AppData\Roaming\mozilla\Firefox\Profiles\a7878fne.default\extensions\toolbar@ask.com
[2010/10/17 17:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/29 04:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/21 23:00:07 | 000,428,769 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14761 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [Logitech Vid] File not found
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 00:31:58 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\temp
[2011/02/26 00:19:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/26 00:19:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/26 00:19:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/26 00:19:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/26 00:19:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/26 00:01:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/02/25 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011/02/25 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Leadertech
[2011/02/25 16:28:59 | 000,000,000 | ---D | C] -- C:\Temp
[2011/02/25 01:01:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/25 01:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/25 01:01:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/19 21:53:20 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD2 Pure v2.0
[2011/02/19 21:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoD2 Pure v2.0
[2011/02/19 21:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoD2 Pure v2.0
[2011/02/19 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/02/19 16:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/02/19 16:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/02/19 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/02/19 16:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/02/19 16:19:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/18 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop Express Uploader
[2011/02/18 15:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/02/13 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Nero
[2011/02/12 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
[2011/02/12 23:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/12 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/10 12:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Voobly
[2011/02/10 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game
[2011/02/10 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner
[2011/02/10 10:45:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/09 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite
[2011/02/09 19:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/02/03 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duty Calls
[2011/02/01 16:16:40 | 000,000,000 | ---D | C] -- C:\Windows\en

========== Files - Modified Within 30 Days ==========

[2011/02/26 00:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 00:35:35 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 00:35:35 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 00:27:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/26 00:27:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 00:27:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/26 00:24:37 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/26 00:24:37 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/26 00:24:37 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/25 23:24:02 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/02/25 23:24:02 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/25 23:22:58 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/02/25 17:20:17 | 000,001,029 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/02/25 17:18:14 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2011/02/25 17:16:16 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011/02/25 17:07:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/25 01:50:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/02/25 01:01:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 21:53:20 | 000,001,968 | ---- | M] () -- C:\Users\Jon\Desktop\CoD2 Pure.lnk
[2011/02/18 15:50:09 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
[2011/02/17 18:56:15 | 355,178,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/17 18:42:40 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/13 13:18:42 | 000,000,064 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\default.pls

========== Files Created - No Company Name ==========

[2011/02/26 00:19:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/26 00:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/26 00:19:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/26 00:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/26 00:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 17:20:17 | 000,001,029 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/02/25 17:18:14 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2011/02/25 17:16:16 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011/02/25 17:07:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/25 01:50:15 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
[2011/02/25 01:50:07 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/02/25 01:01:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 21:53:20 | 000,001,968 | ---- | C] () -- C:\Users\Jon\Desktop\CoD2 Pure.lnk
[2011/02/13 14:49:06 | 355,178,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/13 13:18:42 | 000,000,064 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\default.pls
[2010/10/14 11:08:03 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/20 14:02:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/09 19:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/03 11:52:56 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/25 13:28:46 | 000,000,000 | ---- | C] () -- C:\Users\Jon\AppData\Local\prvlcl.dat
[2010/03/27 16:48:28 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2010/03/27 12:41:35 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/27 12:12:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/17 19:44:30 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Auslogics
[2010/10/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\AVG10
[2011/02/09 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite
[2011/02/25 17:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech
[2010/05/16 19:19:30 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\TeamViewer
[2010/04/25 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Uniblue
[2011/02/17 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Audacity
[2011/02/26 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\AVG10
[2011/02/24 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Beehta
[2010/04/21 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/02/09 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\DAEMON Tools Lite
[2010/05/19 16:23:04 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Ewen Chia's My Free Website Builder
[2011/02/08 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Foxit Software
[2011/02/24 20:33:13 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Olro
[2010/08/05 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\SystemRequirementsLab
[2010/06/12 08:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\TeamViewer
[2010/03/27 19:27:04 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Ubisoft
[2010/10/22 11:28:43 | 000,000,000 | ---D | M] -- C:\Users\Jon_2\AppData\Roaming\Windows Live Writer
[2011/02/25 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\AVG10
[2011/01/14 18:42:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/02/25 01:50:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/02/26 00:31:56 | 000,030,547 | ---- | M] () -- C:\ComboFix.txt
[2010/03/27 12:23:51 | 000,000,197 | ---- | M] () -- C:\csb.log
[2011/02/26 00:27:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/02/26 00:27:30 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 12:21:43 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2011/02/26 00:27:42 | 000,000,135 | ---- | M] () -- C:\service.log
[2011/02/25 09:37:16 | 000,064,764 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_09.36.28_log.txt
[2011/02/25 16:30:03 | 000,064,172 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_16.29.35_log.txt
[2011/02/19 22:05:09 | 000,000,065 | ---- | M] () -- C:\tstamps.log

< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/08/02 21:00:50 | 000,551,424 | ---- | M] () -- C:\Windows\TheMatrix.scr
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/06/23 17:36:24 | 000,773,120 | ---- | M] () -- C:\Windows\SysWOW64\NEROINSTAEC43759.DB

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/27 11:08:09 | 000,000,221 | -HS- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/12 08:51:35 | 000,000,402 | -HS- | M] () -- C:\Users\Jon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

 

[Jonny Napalm]

Extra logs

Here are the Extra logs

OTL Extras logfile created on: 26/02/2011 01:21:09 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jon_2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 630.83 Gb Free Space | 67.73% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CDDE7049-3EC8-933E-69C9-C65B3AAD8E24}" = ATI Problem Report Wizard
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EB78DD44-9AEE-7160-4AC3-053636D393C6}" = ATI AVIVO64 Codecs
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74B11BF-3361-4B33-AF8D-75812E184973}" = SmartFTP Client
"CCleaner" = CCleaner
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{038B4F30-BA46-41FD-B7A6-492887792CC1}_is1" = Death to Spies (Remove Only)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37643DF0-33B5-4247-B0D9-AF8BACCED127}" = Call of Duty(R) 2 Mod Tools
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3CA23CAC-A4CA-3FA8-C306-561E56C882A7}" = Adobe Photoshop Express Uploader
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91311305-E6FC-958E-4AAC-D737C6F2A00E}" = Application Profiles
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B138D49F-B412-4B4A-9198-374EE0D593B7}" = DSA Motorcyclist Theory Test
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D5AED751-CD8F-43EF-8720-AD970CBEA741}" = Medal of Honor™ MP Open Beta
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7951681-CCC7-24AA-7BFE-9647F477DCFF}" = HydraVision
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE191976-E84B-4D96-9088-77793EF81536}_is1" = Death to Spies: Moment of Truth (Remove Only)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AMP WinOFF" = AMP WinOFF
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CoD2 Pure v2.0" = CoD2 Pure v2.0
"com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop Express Uploader
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"Halloween Desktop Animations_is1" = Halloween Desktop Animations version 1.0
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"Hitman: Contracts" = Hitman: Contracts
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{37643DF0-33B5-4247-B0D9-AF8BACCED127}" = Call of Duty(R) 2 Mod Tools
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{B138D49F-B412-4B4A-9198-374EE0D593B7}" = DSA Motorcyclist Theory Test
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Logitech Vid" = Logitech Vid HD
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"OpenAL" = OpenAL
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 10680" = Aliens vs Predator
"Steam App 13140" = America's Army 3
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 47770" = Medal of Honor Beta
"Steam App 50130" = Mafia II
"Steam App 60" = Ricochet
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8190" = Just Cause 2
"TeamViewer 5" = TeamViewer 5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Battelfield 2 Nuke Mini Mod" = Battelfield 2 Nuke Mini Mod
"Winamp Detect" = Winamp Detector Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Jon_2
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/02/2011 09:43:09 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
0x157c Faulting application start time: 0x01cbd4ed2dc77e33 Faulting application path:
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
Report
Id: 2e2d9cb4-40e5-11e0-b7af-6cf049506c42

Error - 25/02/2011 10:50:15 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
0xd48 Faulting application start time: 0x01cbd4f7d4bf9029 Faulting application path:
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
Report
Id: 8dc350db-40ee-11e0-b7af-6cf049506c42

Error - 25/02/2011 13:16:35 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Vid.exe, version: 7.2.7230.0, time stamp:
0x4c7834b1 Faulting module name: QtWebKit4.dll, version: 4.5.0.14, time stamp: 0x49ada850
Exception
code: 0xc0000005 Fault offset: 0x00027207 Faulting process id: 0xc04 Faulting application
start time: 0x01cbd50fb661c26a Faulting application path: C:\Program Files (x86)\Logitech\Vid
HD\Vid.exe Faulting module path: C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
Report
Id: feb8fe44-4102-11e0-b6a3-6cf049506c42

Error - 25/02/2011 16:27:11 | Computer Name = JON-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 25/02/2011 18:22:07 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time
stamp: 0x4c1b5791 Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
0x4c1b5791 Exception code: 0xc0000005 Fault offset: 0x00778258 Faulting process id:
0x1b5c Faulting application start time: 0x01cbd53835f4f75d Faulting application path:
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe Faulting
module path: c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
Report
Id: ad7b285d-412d-11e0-afe6-6cf049506c42

Error - 25/02/2011 20:04:11 | Computer Name = JON-PC | Source = MsiInstaller | ID = 11921
Description =

Error - 25/02/2011 20:05:32 | Computer Name = JON-PC | Source = MsiInstaller | ID = 11921
Description =

Error - 25/02/2011 20:24:21 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x650 Faulting application start time: 0x01cbd54a95046f52 Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: c135dced-413e-11e0-8c9a-6cf049506c42

Error - 25/02/2011 20:30:55 | Computer Name = JON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x664 Faulting application start time: 0x01cbd54bf93fbfda Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: ac0c0d06-413f-11e0-b7f0-6cf049506c42

Error - 25/02/2011 21:00:05 | Computer Name = JON-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 10/01/2011 12:07:27 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
Description = 16:07:26 - Error connecting to the internet. 16:07:26 - Unable
to contact server..

Error - 12/01/2011 03:38:32 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
Description = 07:38:32 - Error connecting to the internet. 07:38:32 - Unable
to contact server..

Error - 12/01/2011 03:39:07 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
Description = 07:39:01 - Error connecting to the internet. 07:39:01 - Unable
to contact server..

Error - 27/01/2011 05:36:12 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
Description = 09:36:12 - Error connecting to the internet. 09:36:12 - Unable
to contact server..

Error - 27/01/2011 05:36:47 | Computer Name = NapalmINC | Source = MCUpdate | ID = 0
Description = 09:36:41 - Error connecting to the internet. 09:36:41 - Unable
to contact server..

Error - 02/02/2011 03:44:39 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
Description = 07:44:39 - Error connecting to the internet. 07:44:39 - Unable
to contact server..

Error - 02/02/2011 03:44:48 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
Description = 07:44:44 - Error connecting to the internet. 07:44:44 - Unable
to contact server..

Error - 11/02/2011 03:46:26 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
Description = 07:46:26 - Error connecting to the internet. 07:46:26 - Unable
to contact server..

Error - 11/02/2011 03:46:37 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
Description = 07:46:31 - Error connecting to the internet. 07:46:31 - Unable
to contact server..

Error - 15/02/2011 12:31:56 | Computer Name = JON-PC | Source = MCUpdate | ID = 0
Description = 16:31:56 - Failed to retrieve Broadband (Error: The operation has
timed out)

[ System Events ]
Error - 25/02/2011 20:11:24 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 25/02/2011 20:13:23 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 25/02/2011 20:13:24 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Akamai
NetSession Interface service to connect.

Error - 25/02/2011 20:19:31 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 25/02/2011 20:19:33 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Akamai
NetSession Interface service to connect.

Error - 25/02/2011 20:24:22 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 25/02/2011 20:24:23 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 25/02/2011 20:26:09 | Computer Name = JON-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 25/02/2011 20:26:38 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 25/02/2011 20:30:56 | Computer Name = JON-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

 

[Broni]

You need to reinstall AVG.

========================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
  O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
  O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O3 - HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2011/02/10 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Winner
  [2010/04/25 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Uniblue
  @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
  @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0B4227B4
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Jonny Napalm]

Heres the OTL fix logs. I will post everything else soon.

All processes killed
========== OTL ==========
HKU\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2655220596-4292365919-2197331805-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Windows Live folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites\MSN Websites folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Microsoft Websites folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Links for United Kingdom folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites\Links folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities\Favorites folder moved successfully.
C:\Program Files (x86)\Registry Winner\Utilities folder moved successfully.
C:\Program Files (x86)\Registry Winner folder moved successfully.
C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Jon\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Jon\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon
->Temp folder emptied: 359194 bytes
->Temporary Internet Files folder emptied: 2155934 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 4854331 bytes
->Flash cache emptied: 0 bytes

User: Jon_2
->Temp folder emptied: 639243 bytes
->Temporary Internet Files folder emptied: 1477674 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 45482519 bytes
->Flash cache emptied: 3807 bytes

User: localadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7103105 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 307531 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jon
->Flash cache emptied: 0 bytes

User: Jon_2
->Flash cache emptied: 0 bytes

User: localadmin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02262011_015808

Files\Folders moved on Reboot...
File move failed. C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

[Jonny Napalm]

Security Check Logs

Here are the logs from the Security check.

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.152.26
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

 

[Broni]

Looks good

Go on.....

 

[Jonny Napalm]

Okay here are the ESET results, two threats were found.

C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application

C:\Users\Jon_2\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe
  C:\Users\Jon_2\Downloads\registrybooster.exe
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[Jonny Napalm]

OTL logs

Here are the first set of OTL logs, will post the others soon.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Jon_2\Downloads\registrybooster.exe moved successfully.
File\Folder C:\Users\Jon_2\Downloads\registrybooster.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon
->Temp folder emptied: 818654 bytes
->Temporary Internet Files folder emptied: 35883 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon_2
->Temp folder emptied: 3425513 bytes
->Temporary Internet Files folder emptied: 800489 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64489597 bytes
->Flash cache emptied: 2427 bytes

User: localadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 306595 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jon
->Flash cache emptied: 0 bytes

User: Jon_2
->Flash cache emptied: 0 bytes

User: localadmin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02262011_222024

Files\Folders moved on Reboot...
C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jon_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9J7M8OR\01[1].htm not found!
File\Folder C:\Users\Jon_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9J7M8OR\ADSAdClient31[1].txt not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

[Jonny Napalm]

Second lot of OTL logs

Here are the second lot of OTL logs

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon
->Temp folder emptied: 464709 bytes
->Temporary Internet Files folder emptied: 62096 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon_2
->Temp folder emptied: 398693 bytes
->Temporary Internet Files folder emptied: 62096 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6568537 bytes
->Flash cache emptied: 0 bytes

User: localadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jon
->Flash cache emptied: 0 bytes

User: Jon_2
->Flash cache emptied: 0 bytes

User: localadmin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.21.0 log created on 02262011_223132

Files\Folders moved on Reboot...
C:\Users\Jon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jon_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

[Jonny Napalm]

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

AVG does this, should I still download this?

 

[Broni]

You're fine then...

12. Please, let me know, how your computer is doing.