TechSpot

Html/infected.webpage.gen (help) 2.0

By Anthino
Mar 26, 2011
  1. it is back. i followd all instructions and have done nothing other that play on Steam and watch movies from fancast.com It was fine when i fell asleep playing movie and overnight my antivir found the same thing again. I will not have time to attend this until monday.

    :confused:
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please, post what exactly was found by Avira.
     
  3. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    antivir report

    egin scan in 'C:\' <HP>
    C:\Users\TONY\AppData\Local\Mozilla\Firefox\Profiles\iv2qscxq.default\Cache\6\98\31171d01
    [0] Archive type: GZ
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    --> unkwn
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    Begin scan in 'D:\' <FACTORY_IMAGE>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [1005]: The volume does not contain a recognized file system.

    Beginning disinfection:
    C:\Users\TONY\AppData\Local\Mozilla\Firefox\Profiles\iv2qscxq.default\Cache\6\98\31171d01
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to the quarantine directory under the name '48fd4d78.qua'.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Well, we better check, if you're totally clean.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    Round 2

    i will be back with logs at step 6
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    OK.....................................
     
  7. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    Mbam

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6231

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/31/2011 9:06:55 PM
    mbam-log-2011-03-31 (21-06-55).txt

    Scan type: Quick scan
    Objects scanned: 165189
    Time elapsed: 6 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ____________________________________________________________________

    gmer was blank
     
  8. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    DDS

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by TONY at 21:42:09.66 on Thu 03/31/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4304 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files\Windows Mail\WindowsMailGadget.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\ehome\ehmsas.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\TONY\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r
    mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    StartupFolder: C:\Users\TONY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    mRun-x64: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    mRun-x64: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Users\TONY\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\TONY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-24 69376]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-8-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-8-6 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-8-6 83120]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 m4cxvst64;NDIS6.0 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;C:\Windows\System32\drivers\m4cxvst64.sys [2008-2-4 392704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-21 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-30 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-30 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-30 79360]
    S3 Ctafiltv;Ctafiltv;C:\Windows\System32\drivers\Ctafiltv.sys [2010-11-30 24064]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
    S3 SaiK0D14;SaiK0D14;C:\Windows\System32\drivers\SaiK0D14.sys [2010-8-6 160264]
    S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk60x64l.sys [2007-12-14 92160]
    S3 SkVlanProtocol;Marvell VLAN Protocol;C:\Windows\System32\drivers\yk60x64v.sys [2007-11-23 25088]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-7 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-03-29 08:05:44 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D080F459-E1A7-4215-97CE-BB1ABD27ED54}\mpengine.dll
    2011-03-28 19:53:19 -------- d-----w- C:\Windows\Hewlett-Packard
    2011-03-28 16:37:09 -------- d-----w- C:\Users\TONY\AppData\Roaming\HpUpdate
    2011-03-25 03:31:14 -------- d-----w- C:\Program Files (x86)\HP
    2011-03-25 03:28:44 -------- d-----w- C:\SwSetup
    2011-03-25 03:23:34 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-25 03:23:32 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-03-25 03:16:42 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 03:12:00 -------- d-----w- C:\Users\TONY\AppData\Local\Secunia PSI
    2011-03-25 03:11:52 -------- d-----w- C:\Program Files (x86)\Secunia
    2011-03-25 02:20:11 -------- d-----w- C:\Program Files (x86)\ESET
    2011-03-25 02:03:02 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-25 01:16:18 -------- d-----w- C:\Users\TONY\AppData\Local\temp
    2011-03-24 22:31:22 -------- d-----w- C:\Users\TONY\AppData\Local\LAG
    2011-03-24 22:31:22 -------- d-----w- C:\PROGRA~3\LAG
    2011-03-22 21:10:35 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-22 21:10:35 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-03-22 21:10:35 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2011-03-22 21:10:35 1149440 ----a-w- C:\Windows\System32\FntCache.dll
    2011-03-22 21:10:35 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-03-18 05:55:13 -------- d-----w- C:\Users\TONY\AppData\Roaming\Malwarebytes
    2011-03-18 05:55:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-18 05:54:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-18 05:54:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-18 05:54:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-15 04:07:52 -------- d-----w- C:\Program Files\iPod
    2011-03-15 04:07:51 -------- d-----w- C:\Program Files\iTunes
    2011-03-15 04:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-15 04:04:43 -------- d-----w- C:\Program Files\Bonjour
    2011-03-15 04:04:43 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-03-14 07:21:16 -------- d-----w- C:\Users\TONY\AppData\Local\DOSBox
    2011-03-14 07:21:01 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2011-03-12 19:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 19:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 20:11:51 731136 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 20:11:51 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-09 20:11:51 2425344 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 20:11:51 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 20:11:50 559616 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-09 20:11:50 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-09 20:11:50 416768 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-09 20:11:49 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-09 20:11:49 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-09 20:11:49 210944 ----a-w- C:\Windows\System32\sbeio.dll
    2011-03-09 20:11:49 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-09 20:11:49 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
    2011-03-09 09:08:47 -------- d-----w- C:\6a58b0cfdb8ea425f0f029
    2011-03-09 09:08:40 -------- d-----w- C:\Windows\System32\ZoneLabs
    2011-03-09 09:03:57 -------- d-----w- C:\Program Files (x86)\Zone Labs
    2011-03-09 09:03:10 -------- d-----w- C:\PROGRA~3\CheckPoint
    2011-03-09 09:03:09 -------- d-----w- C:\Windows\Internet Logs
    .
    ==================== Find3M ====================
    .
    2011-03-07 18:56:59 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-07 18:56:59 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-02-28 01:32:55 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-02-28 01:32:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-02-28 01:32:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-02-28 01:32:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-02-18 23:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 23:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-03 01:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
    2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
    2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
    2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
    2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
    2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
    2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
    2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
    2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
    2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
    2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
    2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
    2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
    2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
    2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
    2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
    2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
    2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
    2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
    2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
    .
    ============= FINISH: 21:42:25.15 ===============
     
  9. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/5/2010 9:45:09 PM
    System Uptime: 3/31/2011 8:57:31 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 260.107 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.774 GiB free.
    F: is CDROM (UDF)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP329: 3/24/2011 6:04:42 PM - ComboFix created restore point
    RP330: 3/24/2011 6:36:36 PM - OTL Restore Point
    RP331: 3/24/2011 7:33:40 PM - OTL Restore Point
    RP332: 3/24/2011 7:46:59 PM - OTL Restore Point
    RP333: 3/24/2011 8:28:50 PM - Installed HP Update
    RP334: 3/24/2011 8:35:13 PM - Installed Java(TM) 6 Update 22
    RP335: 3/24/2011 8:36:23 PM - Installed OpenOffice.org 3.3
    RP336: 3/24/2011 9:00:37 PM - Configured PowerStarter
    RP337: 3/24/2011 11:06:54 PM - Windows Update
    RP338: 3/26/2011 5:37:21 AM - Scheduled Checkpoint
    RP339: 3/27/2011 12:00:01 AM - Scheduled Checkpoint
    RP340: 3/27/2011 10:09:38 PM - Scheduled Checkpoint
    RP341: 3/28/2011 12:54:04 PM - Configured MediaSmart DVD
    RP342: 3/29/2011 1:05:21 AM - Windows Update
    RP343: 3/29/2011 1:26:28 PM - Scheduled Checkpoint
    RP344: 3/30/2011 2:51:34 AM - Scheduled Checkpoint
    RP345: 3/31/2011 12:00:01 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Absolute Futurity SpeedTestPro Ver 1.0.733
    ActiveCheck component for HP Active Support Library
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 8.1
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.1
    Canon MX340 series User Registration
    Canon Speed Dial Utility
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Company of Heroes Singleplayer Demo
    Compatibility Pack for the 2007 Office system
    Creative ALchemy
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Creative WaveStudio 7
    D-Link Corporation Control Program
    DivX Setup
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    Fallout 3 - Game of the Year Edition
    Fallout: New Vegas
    Google Chrome
    Google Gears
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Jade Empire: Special Edition
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    Lead and Gold - Gangs of the Wild West
    LightScribe System Software
    LightScribe Template Labeler
    Mafia
    Malwarebytes' Anti-Malware
    Medal of Honor(TM) Multiplayer
    Medal of Honor(TM) Single Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.13)
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    OpenOffice.org 3.3
    Painkiller Demo
    Pando Media Booster
    PictureMover
    Power2Go
    PowerDirector
    PunkBuster Services
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Saitek Call Of Duty Modern Warefare 2 Profiles
    SB Arena Headset
    Secunia PSI (2.0.0.3001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Sid Meier's Civilization V
    Skype Toolbars
    Skype™ 5.1
    sp44626
    Steam
    System Requirements Lab
    System Requirements Lab CYRI
    The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    TVAnts 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Ventrilo Client
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Winamp
    Winamp Detector Plug-in
    Zombie Driver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/31/2011 9:03:56 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/31/2011 8:58:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt
    3/31/2011 8:56:24 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
    3/24/2011 8:27:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/24/2011 8:27:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/24/2011 8:27:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/24/2011 8:21:44 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/24/2011 6:14:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/24/2011 6:14:23 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    3/24/2011 6:04:42 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    3/24/2011 4:19:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 98.207.203.155 for the Network Card with network address 1CAFF76C02A7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    3/24/2011 4:04:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    3/24/2011 3:56:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 1CAFF76C02A7 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    3/24/2011 11:28:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    3/24/2011 11:28:41 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/24/2011 11:26:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    3/24/2011 11:26:18 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  10. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    if i run TFC, i can run video player from fancast.com just fine and my internet seems snappy. I can watch a few videos back to back. every night, when my antiver scans, it finds the
    html/infected.webpage.gen and then my player stops working.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avira.
    One of them has to go.
    I suggest, Lavasoft goes.

    I still need GMER log.
     
  12. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    GMER returns a blank log
    deactivated ad watch live
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    and like clockwork,
    antivir finds object F0FEDd01 while scanning D:/windows/system32/wucltux.dll
    HTML/infected.webpage.gen
     
  15. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    mbr check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: NC715AAR-ABA a6712f
    Logical Drives Mask: 0x000007bc

    Kernel Drivers (total 141):
    0x01E47000 \SystemRoot\system32\ntoskrnl.exe
    0x01E01000 \SystemRoot\system32\hal.dll
    0x00607000 \SystemRoot\system32\kdcom.dll
    0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064C000 \SystemRoot\system32\PSHED.dll
    0x00660000 \SystemRoot\system32\CLFS.SYS
    0x006BD000 \SystemRoot\system32\CI.dll
    0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F1000 \SystemRoot\system32\drivers\acpi.sys
    0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
    0x0095A000 \SystemRoot\system32\drivers\pci.sys
    0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
    0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00A03000 \SystemRoot\system32\drivers\iastor.sys
    0x00B1F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B66000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00B7A000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E0B000 \SystemRoot\system32\drivers\ndis.sys
    0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01001000 \SystemRoot\System32\drivers\tcpip.sys
    0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0120C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D8000 \SystemRoot\System32\Drivers\mup.sys
    0x011A3000 \SystemRoot\System32\drivers\ecache.sys
    0x013EA000 \SystemRoot\system32\drivers\disk.sys
    0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02328000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02335000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x0233E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02403000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0305E000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x03060000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03143000 \SystemRoot\System32\drivers\watchdog.sys
    0x03153000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0315F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x031A5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03208000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x032F5000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x03323000 \SystemRoot\system32\DRIVERS\m4cxvst64.sys
    0x03388000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x0339A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x033AA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x033C6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x031B6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02351000 \SystemRoot\system32\DRIVERS\storport.sys
    0x033D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x023AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x033E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00D3B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x033EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x023D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x00FDC000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x00D6C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x031EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x023EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02200000 \SystemRoot\system32\drivers\SaiBus.sys
    0x033FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x00D7F000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03200000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x00FF4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x00DB3000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x00B8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x00DC3000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03204000 \SystemRoot\system32\DRIVERS\SaiMini.sys
    0x00DD7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0480A000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04977000 \SystemRoot\system32\drivers\portcls.sys
    0x049B2000 \SystemRoot\system32\drivers\drmk.sys
    0x049D5000 \SystemRoot\system32\drivers\ksthunk.sys
    0x049DB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x049E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x049F1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x04800000 \SystemRoot\System32\Drivers\Null.SYS
    0x00DE9000 \SystemRoot\System32\drivers\vga.sys
    0x00BD7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x00DF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x00C00000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x009C6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x009D1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x009E2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x007D5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04600000 \SystemRoot\system32\DRIVERS\smb.sys
    0x0461B000 \SystemRoot\system32\drivers\afd.sys
    0x04686000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x046CA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x046E8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x046F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04712000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0475F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0476B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04788000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x047AA000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x0220B000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04C00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x04D1C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04D25000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04D27000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x00030000 \SystemRoot\System32\win32k.sys
    0x04D3F000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04D4B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04D67000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00450000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x008F0000 \SystemRoot\System32\ATMFD.DLL
    0x04D7A000 \SystemRoot\system32\drivers\luafv.sys
    0x04D9C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x02219000 \SystemRoot\system32\drivers\spsys.sys
    0x04DB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04DCD000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x022B3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x04DE5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0920B000 \SystemRoot\system32\drivers\HTTP.sys
    0x092AE000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x092D7000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x092F5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0930F000 \SystemRoot\system32\drivers\mrxdav.sys
    0x09336000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0935F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x093A8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x093C7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x09400000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09494000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x09499000 \SystemRoot\system32\drivers\peauth.sys
    0x0954F000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0955A000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0958F000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0959F000 \SystemRoot\system32\DRIVERS\xaudio64.sys
    0x095B0000 \SystemRoot\system32\drivers\LGVirHid.sys
    0x095B3000 \SystemRoot\system32\drivers\usbaudio.sys
    0x095CC000 \SystemRoot\system32\drivers\Ctafiltv.sys
    0x77480000 \Windows\System32\ntdll.dll

    Processes (total 103):
    0 System Idle Process
    4 System
    552 C:\Windows\System32\smss.exe
    620 csrss.exe
    664 C:\Windows\System32\wininit.exe
    684 csrss.exe
    720 C:\Windows\System32\services.exe
    736 C:\Windows\System32\lsass.exe
    744 C:\Windows\System32\lsm.exe
    820 C:\Windows\System32\winlogon.exe
    928 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\nvvsvc.exe
    1020 C:\Windows\System32\svchost.exe
    392 C:\Windows\System32\svchost.exe
    588 C:\Windows\System32\svchost.exe
    612 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\audiodg.exe
    1120 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1160 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\SLsvc.exe
    1220 C:\Windows\System32\svchost.exe
    1324 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1336 C:\Windows\System32\nvvsvc.exe
    1428 C:\Windows\System32\svchost.exe
    1544 WUDFHost.exe
    1580 WUDFHost.exe
    1688 C:\Windows\System32\spoolsv.exe
    1716 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1728 C:\Windows\System32\svchost.exe
    1292 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1516 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1828 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    912 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    2012 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1272 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1204 C:\Windows\SysWOW64\PnkBstrA.exe
    1252 C:\Windows\System32\svchost.exe
    2072 C:\Program Files (x86)\Secunia\PSI\psia.exe
    2152 C:\Windows\System32\taskeng.exe
    2304 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2328 C:\Windows\System32\svchost.exe
    2364 C:\Windows\System32\svchost.exe
    2424 C:\Windows\System32\SearchIndexer.exe
    2592 C:\Windows\System32\drivers\XAudio64.exe
    2604 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2696 WUDFHost.exe
    2860 C:\Windows\System32\dwm.exe
    2980 C:\Windows\System32\taskeng.exe
    2988 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3000 C:\Windows\explorer.exe
    3076 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3084 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3092 C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    3104 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    3120 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    3128 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3144 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    3196 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    3216 C:\Windows\ehome\ehtray.exe
    3264 C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    3656 C:\Program Files (x86)\Secunia\PSI\sua.exe
    3740 C:\Windows\ehome\ehmsas.exe
    3892 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    3920 C:\hp\support\hpsysdrv.exe
    4012 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    4056 C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    4064 C:\Windows\SysWOW64\rundll32.exe
    4072 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    4084 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3176 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    672 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    424 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3764 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2204 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    1964 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    2900 C:\Program Files\Windows Mail\WindowsMailGadget.exe
    3944 C:\Program Files\iPod\bin\iPodService.exe
    4144 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    4248 C:\Program Files\Windows Mail\WinMail.exe
    4744 taskeng.exe
    4976 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    4984 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    4992 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    2272 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    1200 C:\Windows\System32\svchost.exe
    3760 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    1248 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    172 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    4540 C:\Users\TONY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    4100 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5300 C:\Program Files (x86)\Steam\Steam.exe
    5448 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    5644 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    5232 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    5144 C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
    5280 C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
    5464 C:\Windows\System32\SearchProtocolHost.exe
    5624 C:\Windows\System32\SearchFilterHost.exe
    4612 dllhost.exe
    5240 dllhost.exe
    2568 C:\Users\TONY\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`311b4200 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`02f10c00

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA57A
    PhysicalDrive1 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
    149 GB \\.\PhysicalDrive1 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  16. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    combo fix

    ComboFix 11-03-31.05 - TONY 04/01/2011 8:23.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3888 [GMT -7:00]
    Running from: c:\users\TONY\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\TONY\AppData\Local\temp\ppcrlui_4248_2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-01 15:30 . 2011-04-01 15:30 -------- d-----w- c:\users\TONY\AppData\Local\temp
    2011-04-01 15:30 . 2011-04-01 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-01 15:21 . 2011-04-01 15:22 -------- d-----w- C:\32788R22FWJFW
    2011-04-01 12:29 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432F838F-EEA7-41E2-BF66-894426FCA215}\mpengine.dll
    2011-03-28 19:53 . 2011-03-28 19:53 -------- d-----w- c:\windows\Hewlett-Packard
    2011-03-28 16:37 . 2011-03-28 20:12 -------- d-----w- c:\users\TONY\AppData\Roaming\HpUpdate
    2011-03-25 03:31 . 2011-03-25 03:31 -------- d-----w- c:\program files (x86)\HP
    2011-03-25 03:28 . 2011-03-25 03:28 -------- d-----w- C:\SwSetup
    2011-03-25 03:23 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-25 03:23 . 2011-03-25 03:23 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-25 03:16 . 2011-03-25 03:16 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 03:12 . 2011-03-25 03:12 -------- d-----w- c:\users\TONY\AppData\Local\Secunia PSI
    2011-03-25 03:11 . 2011-03-25 03:11 -------- d-----w- c:\program files (x86)\Secunia
    2011-03-25 02:20 . 2011-03-25 02:20 -------- d-----w- c:\program files (x86)\ESET
    2011-03-24 22:31 . 2011-03-24 22:31 -------- d-----w- c:\users\TONY\AppData\Local\LAG
    2011-03-24 22:31 . 2011-03-24 22:31 -------- d-----w- c:\programdata\LAG
    2011-03-22 21:10 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 21:10 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-03-22 21:10 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 21:10 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 21:10 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-03-18 05:55 . 2011-03-18 05:55 -------- d-----w- c:\users\TONY\AppData\Roaming\Malwarebytes
    2011-03-18 05:55 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-18 05:54 . 2011-03-18 05:54 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-18 05:54 . 2011-03-18 05:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-18 05:54 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-15 04:07 . 2011-03-15 04:07 -------- d-----w- c:\program files\iPod
    2011-03-15 04:07 . 2011-03-15 04:08 -------- d-----w- c:\program files\iTunes
    2011-03-15 04:07 . 2011-03-15 04:08 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-15 04:04 . 2011-03-15 04:04 -------- d-----w- c:\program files\Bonjour
    2011-03-15 04:04 . 2011-03-15 04:04 -------- d-----w- c:\program files (x86)\Bonjour
    2011-03-14 07:21 . 2011-03-14 07:21 -------- d-----w- c:\users\TONY\AppData\Local\DOSBox
    2011-03-14 07:21 . 2011-03-14 07:21 -------- d-----w- c:\program files (x86)\DOSBox-0.74
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 20:11 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 20:11 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 20:11 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 20:11 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 20:11 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 20:11 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 20:11 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 20:11 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 20:11 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 20:11 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 20:11 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 20:11 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-09 09:08 . 2011-03-09 09:08 -------- d-----w- C:\6a58b0cfdb8ea425f0f029
    2011-03-09 09:08 . 2011-03-09 09:08 -------- d-----w- c:\windows\system32\ZoneLabs
    2011-03-09 09:03 . 2011-03-09 09:03 -------- d-----w- c:\program files (x86)\Zone Labs
    2011-03-09 09:03 . 2011-03-09 09:03 -------- d-----w- c:\programdata\CheckPoint
    2011-03-09 09:03 . 2011-03-09 10:25 -------- d-----w- c:\windows\Internet Logs
    2011-03-05 04:35 . 2011-03-05 04:35 -------- d-----w- c:\programdata\McAfee
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 18:56 . 2010-10-06 06:20 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-03-07 18:56 . 2010-10-06 06:15 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-28 01:32 . 2010-11-30 20:56 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-28 01:32 . 2010-11-30 20:56 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-28 01:32 . 2010-11-30 20:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-28 01:32 . 2010-11-30 20:56 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-18 23:36 . 2011-02-18 23:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 05:40 . 2010-09-15 20:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-03 01:11 . 2010-08-07 09:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:46 . 2011-02-09 12:37 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 12:37 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 12:37 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 12:37 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 12:37 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 12:37 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 12:37 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 12:37 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 12:37 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 12:37 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 12:37 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 12:37 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 12:37 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 12:37 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 12:37 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 12:37 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:08 . 2011-02-09 12:37 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 12:37 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:07 . 2011-02-09 12:37 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 12:37 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 12:37 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 12:37 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 12:37 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:01 . 2011-02-09 12:37 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 12:37 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 12:37 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 12:37 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 12:37 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 12:37 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 12:37 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 12:37 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 12:37 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 12:37 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 12:37 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 12:37 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 12:37 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 12:37 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 12:37 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 12:37 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 12:37 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 12:37 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 12:37 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 12:37 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 12:37 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 12:37 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 12:37 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:47 . 2011-02-09 12:37 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-08 09:03 . 2011-02-09 12:37 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 12:37 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 12:37 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 12:37 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-08 04:49 . 2011-01-08 04:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 04:49 . 2011-01-08 04:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 04:49 . 2011-01-08 04:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 04:48 . 2011-01-08 04:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 04:48 . 2011-01-08 04:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-08 03:27 . 2010-08-15 16:26 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2010-04-04 05:55 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-08 03:27 . 2010-04-04 05:55 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-08 03:27 . 2010-04-04 05:55 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Google Update"="c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-15 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "VolPanel"="c:\program files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
    "CtaMon"="CtaMon.dll" [2008-08-27 9728]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
    .
    c:\users\TONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-30 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-30 79360]
    R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-30 79360]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-24 17152]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 SaiK0D14;SaiK0D14;c:\windows\system32\DRIVERS\SaiK0D14.sys [x]
    R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x64l.sys [x]
    R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x64v.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 m4cxvst64;NDIS6.0 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\m4cxvst64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 18:34]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 18:34]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000Core.job
    - c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 05:27]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000UA.job
    - c:\users\TONY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 05:27]
    .
    2011-03-19 c:\windows\Tasks\HPCeeScheduleForTONY.job
    - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-01-26 19:12]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
    "SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2009-09-04 186880]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-09-04 357888]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-09-04 194560]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    FF - ProfilePath - c:\users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
    AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-04-01 08:31:55
    ComboFix-quarantined-files.txt 2011-04-01 15:31
    .
    Pre-Run: 273,065,787,392 bytes free
    Post-Run: 273,036,529,664 bytes free
    .
    - - End Of File - - D0C5149C3E998BB2C036CBD85C018C2E
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You need to uninstall it.
    I still see it present.

    What is D drive?
    How come do you have "Windows" folder there?

    =====================================================================

    Combofix log looks fine.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    wucltux.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    d: is factory recovery image
    uninstalled ad-aware
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Put that file (D:/windows/system32/wucltux.dll) into Avira's exception.
    It's a legit, safe file.
     
  20. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    OTL

    OTL

    OTL logfile created on: 4/1/2011 9:00:30 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TONY\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.77 Gb Total Space | 254.66 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
    Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TONY-PC | User Name: TONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/01 08:57:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    PRC - [2011/03/23 22:09:53 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2011/03/20 21:02:15 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    PRC - [2011/03/20 21:02:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    PRC - [2011/03/17 03:19:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Users\TONY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2011/01/10 16:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/01/10 07:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/01/10 07:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/11/16 23:07:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2010/11/03 00:40:17 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/03 00:40:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/10/17 12:40:01 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/13 01:55:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/09/13 06:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2009/05/04 20:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
    PRC - [2009/02/22 20:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/06 13:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/01 08:57:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/09/04 04:35:08 | 000,434,688 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/03/23 22:09:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/03/17 03:19:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/01/10 07:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/01/10 07:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/30 14:39:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/11/30 14:04:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2010/11/30 13:55:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/11/03 00:40:17 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/10/13 01:55:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/22 20:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/10/06 13:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/23 23:19:15 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/08 00:41:50 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
    DRV:64bit: - [2009/09/08 00:41:50 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
    DRV:64bit: - [2009/09/08 00:41:29 | 000,160,264 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiK0D14.sys -- (SaiK0D14)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/10/06 06:18:02 | 000,405,528 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/09/04 04:34:58 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/08/13 23:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
    DRV:64bit: - [2008/08/06 09:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/02/04 10:52:00 | 000,392,704 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\m4cxvst64.sys -- (m4cxvst64)
    DRV:64bit: - [2007/12/14 10:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol)
    DRV:64bit: - [2007/11/23 10:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol)
    DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2006/06/19 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011/01/04 14:59:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/22 01:10:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/22 01:10:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/02 23:39:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 20:27:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2011/03/20 21:02:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2011/03/24 20:27:27 | 000,000,000 | ---D | M]

    [2010/08/05 21:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONY\AppData\Roaming\Mozilla\Extensions
    [2011/03/24 20:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\extensions
    [2010/08/11 23:30:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TONY\AppData\Roaming\Mozilla\Firefox\Profiles\iv2qscxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/16 23:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/26 17:42:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/11/04 23:22:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/15 13:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 23:48:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/03/24 20:36:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/08 07:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/04 21:37:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\TONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV2QSCXQ.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
    () (No name found) -- C:\USERS\TONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV2QSCXQ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/04/01 08:30:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CtaMon] C:\Windows\SysWow64\CtaMon.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - Startup: C:\Users\TONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
     
  21. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/01 08:57:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/04/01 08:54:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/04/01 08:31:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/01 08:31:57 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\temp
    [2011/04/01 08:22:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/01 08:22:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/01 08:22:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/01 08:22:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/01 08:21:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/01 08:21:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/28 12:53:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2011/03/28 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
    [2011/03/28 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Roaming\HpUpdate
    [2011/03/24 21:31:24 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/03/24 20:40:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
    [2011/03/24 20:31:51 | 000,000,000 | ---D | C] -- C:\Users\TONY\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
    [2011/03/24 20:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2011/03/24 20:28:44 | 000,000,000 | ---D | C] -- C:\SwSetup
    [2011/03/24 20:23:32 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/03/24 20:16:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
    [2011/03/24 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\Secunia PSI
    [2011/03/24 20:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2011/03/24 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/03/24 18:03:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/24 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\LAG
    [2011/03/24 15:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
    [2011/03/24 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\TONY\Desktop\reports
    [2011/03/17 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Roaming\Malwarebytes
    [2011/03/17 22:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/17 22:55:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/17 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/17 22:54:56 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/17 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/17 22:45:03 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/17 22:40:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/14 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/14 21:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/14 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/14 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/03/14 21:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/14 21:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/03/14 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\TONY\AppData\Local\DOSBox
    [2011/03/14 00:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
    [2011/03/14 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
    [2011/03/14 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\TONY\Desktop\wasteland
    [2011/03/09 02:08:47 | 000,000,000 | ---D | C] -- C:\6a58b0cfdb8ea425f0f029
    [2011/03/09 02:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs
    [2011/03/09 02:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2011/03/09 02:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2011/03/09 02:03:09 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
    [2011/03/04 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/03/04 21:21:40 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/03/04 21:21:40 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/01 08:57:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/04/01 08:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/01 08:32:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000UA.job
    [2011/04/01 08:30:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/04/01 08:16:31 | 004,311,723 | R--- | M] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/04/01 07:05:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/01 07:05:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/31 23:12:02 | 000,802,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/31 23:12:02 | 000,672,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/31 23:12:02 | 000,131,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/31 23:05:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/31 23:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/31 21:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723436897-3598471683-1063297262-1000Core.job
    [2011/03/31 20:52:25 | 000,625,664 | ---- | M] () -- C:\Users\TONY\Desktop\dds.scr
    [2011/03/31 00:58:13 | 000,000,680 | ---- | M] () -- C:\Users\TONY\AppData\Local\d3d9caps.dat
    [2011/03/28 15:52:33 | 000,015,768 | ---- | M] () -- C:\Users\TONY\Documents\Midsummer's Feast.odt
    [2011/03/28 13:12:08 | 000,015,816 | ---- | M] () -- C:\Users\TONY\Documents\Untitled 1.odt
    [2011/03/28 12:52:09 | 000,001,032 | ---- | M] () -- C:\Users\TONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2011/03/24 22:59:51 | 000,000,840 | ---- | M] () -- C:\Users\TONY\Desktop\Steam (2).lnk
    [2011/03/24 22:57:59 | 000,000,830 | ---- | M] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
    [2011/03/24 22:57:50 | 000,000,830 | ---- | M] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (4).lnk
    [2011/03/24 22:57:28 | 000,000,830 | ---- | M] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (3).lnk
    [2011/03/24 22:56:09 | 000,000,830 | ---- | M] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (2).lnk
    [2011/03/24 21:31:25 | 000,002,039 | ---- | M] () -- C:\Users\TONY\Desktop\Google Chrome.lnk
    [2011/03/24 21:31:25 | 000,002,001 | ---- | M] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/03/24 20:50:47 | 000,336,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/03/24 20:40:44 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/03/24 20:27:27 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/24 20:23:32 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/03/24 20:11:53 | 000,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2011/03/24 19:12:18 | 000,879,028 | ---- | M] () -- C:\Users\TONY\Desktop\SecurityCheck.exe
    [2011/03/24 17:56:41 | 000,080,384 | ---- | M] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/03/19 12:58:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTONY.job
    [2011/03/17 22:55:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/17 22:46:08 | 000,296,448 | ---- | M] () -- C:\Users\TONY\Desktop\xrogppew.exe
    [2011/03/17 22:45:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/17 22:40:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/14 21:08:33 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/14 00:21:01 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2011/03/11 14:00:05 | 000,011,200 | ---- | M] () -- C:\Users\TONY\Desktop\midsummers night feast.odt
    [2011/03/07 11:56:59 | 000,218,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011/03/07 11:56:59 | 000,218,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

    ========== Files Created - No Company Name ==========

    [2011/04/01 08:22:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/01 08:22:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/01 08:22:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/01 08:22:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/01 08:22:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/01 08:16:36 | 004,311,723 | R--- | C] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/03/31 20:52:24 | 000,625,664 | ---- | C] () -- C:\Users\TONY\Desktop\dds.scr
    [2011/03/28 15:52:32 | 000,015,768 | ---- | C] () -- C:\Users\TONY\Documents\Midsummer's Feast.odt
    [2011/03/28 13:12:06 | 000,015,816 | ---- | C] () -- C:\Users\TONY\Documents\Untitled 1.odt
    [2011/03/28 12:52:09 | 000,001,032 | ---- | C] () -- C:\Users\TONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    [2011/03/24 22:57:59 | 000,000,830 | ---- | C] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
    [2011/03/24 22:57:54 | 000,000,840 | ---- | C] () -- C:\Users\TONY\Desktop\Steam (2).lnk
    [2011/03/24 22:57:50 | 000,000,830 | ---- | C] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (4).lnk
    [2011/03/24 22:57:28 | 000,000,830 | ---- | C] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (3).lnk
    [2011/03/24 22:56:09 | 000,000,830 | ---- | C] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam (2).lnk
    [2011/03/24 21:31:25 | 000,002,039 | ---- | C] () -- C:\Users\TONY\Desktop\Google Chrome.lnk
    [2011/03/24 21:31:25 | 000,002,001 | ---- | C] () -- C:\Users\TONY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/03/24 20:40:44 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    [2011/03/24 20:17:59 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/24 20:11:53 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2011/03/24 20:11:53 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2011/03/24 19:12:17 | 000,879,028 | ---- | C] () -- C:\Users\TONY\Desktop\SecurityCheck.exe
    [2011/03/24 17:56:41 | 000,080,384 | ---- | C] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/03/17 22:55:02 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/17 22:46:07 | 000,296,448 | ---- | C] () -- C:\Users\TONY\Desktop\xrogppew.exe
    [2011/03/14 21:08:33 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/14 00:21:01 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2011/03/02 23:43:16 | 000,011,200 | ---- | C] () -- C:\Users\TONY\Desktop\midsummers night feast.odt
    [2010/11/30 13:56:27 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
    [2010/11/30 13:56:25 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/11/30 13:56:25 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/10/05 23:15:46 | 000,218,496 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/10/05 23:15:45 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
    [2010/10/05 23:15:45 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/09/22 21:11:36 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/21 11:37:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/24 21:56:46 | 000,013,824 | ---- | C] () -- C:\Users\TONY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/07 08:45:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/08/07 08:45:23 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/08/07 08:45:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2010/08/06 15:19:09 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
    [2010/08/06 14:34:37 | 000,000,092 | ---- | C] () -- C:\Users\TONY\AppData\Local\fusioncache.dat
    [2010/08/06 14:10:26 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/05 22:59:28 | 000,000,552 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d8caps.dat
    [2010/08/05 21:01:21 | 000,000,680 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d9caps.dat
    [2010/08/05 20:59:02 | 000,000,732 | ---- | C] () -- C:\Users\TONY\AppData\Local\d3d9caps64.dat
    [2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/01/26 15:00:56 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2009/01/26 15:00:56 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2009/01/26 14:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2008/09/18 00:45:54 | 000,001,515 | R--- | C] () -- C:\Windows\Ctacfg.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/01/15 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\Canon
    [2010/11/04 23:31:39 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\OpenOffice.org
    [2010/08/05 21:11:05 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\PictureMover
    [2010/10/12 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\SystemRequirementsLab
    [2010/08/06 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\Turbine
    [2010/08/06 14:49:45 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\WildTangent
    [2010/08/21 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\WinBatch
    [2011/02/27 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\TONY\AppData\Roaming\ZombieDriver
    [2011/03/31 23:04:51 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/01/26 14:31:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/04/01 08:31:55 | 000,024,581 | ---- | M] () -- C:\ComboFix.txt
    [2010/12/02 00:54:08 | 000,007,200 | ---- | M] () -- C:\CTSUFile.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2011/03/28 12:57:14 | 000,000,375 | ---- | M] () -- C:\FINIS_IT.TXT
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2011/03/09 02:04:04 | 000,000,247 | ---- | M] () -- C:\INSTALL.LOG
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/03/31 23:05:31 | 2460,303,359 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/24 20:31:08 | 000,000,682 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/08/15 09:41:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/11 23:56:27 | 000,000,355 | -HS- | M] () -- C:\Users\TONY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/01 08:16:31 | 004,311,723 | R--- | M] () -- C:\Users\TONY\Desktop\ComboFix.exe
    [2011/03/17 22:45:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TONY\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/24 17:56:41 | 000,080,384 | ---- | M] () -- C:\Users\TONY\Desktop\MBRCheck.exe
    [2011/04/01 08:57:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\OTL.exe
    [2011/03/24 19:12:18 | 000,879,028 | ---- | M] () -- C:\Users\TONY\Desktop\SecurityCheck.exe
    [2011/03/17 22:40:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\TONY\Desktop\TFC.exe
    [2011/03/17 22:46:08 | 000,296,448 | ---- | M] () -- C:\Users\TONY\Desktop\xrogppew.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/05 21:10:36 | 000,000,402 | -HS- | M] () -- C:\Users\TONY\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: WUCLTUX.DLL >
    [2009/04/11 00:11:34 | 001,717,248 | ---- | M] (Microsoft Corporation) MD5=0375744A87C90581B77A19B5C44FAAD7 -- C:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.0.6002.18005_none_7c0a11688a03a133\wucltux.dll
    [2008/01/20 19:51:19 | 001,717,248 | ---- | M] (Microsoft Corporation) MD5=0B551D175F9077F9214613D9868E94F9 -- C:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.0.6001.18000_none_7a1e985c8ce1d5e7\wucltux.dll
    [2009/08/06 18:59:43 | 002,621,440 | ---- | M] (Microsoft Corporation) MD5=1BD79FB6ACE53BCDD4B406802565A277 -- C:\Windows\SysNative\wucltux.dll
    [2009/08/06 18:59:43 | 002,621,440 | ---- | M] (Microsoft Corporation) MD5=1BD79FB6ACE53BCDD4B406802565A277 -- C:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_c344e16bb3fe3602\wucltux.dll
    [2006/11/02 04:19:12 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=51099E1D9441C469D17656B82C0D245F -- C:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_6.0.6000.16386_none_86775a1b05101c44\wucltux.dll

    < End of report >
     
  22. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    OTL Extras logfile created on: 4/1/2011 9:00:30 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TONY\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.77 Gb Total Space | 254.66 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
    Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TONY-PC | User Name: TONY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 47 30 8A 87 9A 3C CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1603E395-C2B2-47E1-9C11-70D9DA54CE84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21AB61F7-1E5A-43B9-A974-FB3A33C66140}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{21FE9204-4198-41C8-9280-07B80DEC1CD5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{346A52E0-1716-4566-A410-003C8B58F000}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3AA23CFC-3222-4AB5-A9B6-E8B3F550393B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{688BA849-4A57-4961-9E6D-E365EDECD2DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6DF656B4-66D0-4943-80EE-848DE3544EB5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{76FF3BA9-2C39-4354-B389-08CEBBE40C4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{888EEE93-9E1E-49F1-8014-BCC094D8B20F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{96BC2516-00C9-469E-BCB2-A7A6472AD365}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9998A2E5-BBE1-4C76-9DBB-2A47955CAA37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9D9699AC-46BD-493C-997D-11564D85EC23}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A9EA0C11-9207-40E2-A9F7-D9E865B857C7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B11016DD-719A-4137-9610-813105D3A8CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B8B0017C-B603-451A-979A-F8307DD1A2B4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BE973066-6D1D-44C4-BCBF-99016A8924ED}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C9A537F1-122E-4FB4-BBA8-F7FDCAD72221}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D1E5FB89-64FF-4873-BCB3-BBC278347849}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5CDC0DD-CC82-4B86-B496-FB81C5AF8E05}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05BAC79D-8D65-4B71-841C-5B2115666B6C}" = protocol=6 | dir=out | app=system |
    "{08FFE65E-71C8-4E0B-AB18-97F21EA5E0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
    "{0B41A9AB-E4C4-4A52-B673-FD5BBAA0439F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{0B453DF2-5FBC-4C59-8573-01498E3EA76B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{11533BE4-7C19-4A3F-883A-A3FF5E34311A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes sp demo\reliccoh.exe |
    "{14C4E260-20ED-49B0-A2FF-E9CB5A53E999}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{1D8EBB01-864B-48F9-96B2-825F4DE0035A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{1D96DA49-93A7-4728-84A9-9D9ABFE05147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1EFC334A-3349-4302-A8BE-33920078EF22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{20E916A8-0E2F-4C2A-A1B6-3301640720CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{224AA362-814A-4552-89B4-DF73A82CAF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{240972AB-C656-4D7C-925D-6C87A9CF4AD8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{24240FE1-E558-443D-958D-2ABB36A5F2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
    "{26AB38AA-B284-423A-8AD9-FC2B12AC4472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
    "{2931AE34-41B3-4EAD-B6D1-64D41E6D8DB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2A4C11DD-CE3D-40CF-9829-1B077352644E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
    "{2CEEF9D1-FE48-4F1A-9AA2-DE074F945FC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{301F86E4-735C-438B-A43C-89E7FAC63A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
    "{31338F97-EB9D-43AA-9F79-E9BFCC06305B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{326F51E7-C62B-4F3F-8D3C-C067F51A4521}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{3696445D-0FB4-426E-98B4-9CFDBDD3C843}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{37EE72EA-A8FC-48AF-AE0D-B8B364A79518}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe |
    "{3ADE92F9-12EE-4CFA-99A7-1A03DC37FA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{3B7D0A62-90EC-4D66-98C1-919117A13C98}" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{43A63E07-3ED4-404B-A098-E834F3FA7F36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{457241CA-E2A5-4050-BAA5-E45FDD189115}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{47D17CAC-C028-42C2-B437-5C2EA04F99D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe |
    "{49034B6F-EB1D-47EB-BF15-AF43C83CCABE}" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4B71E28A-9118-4D7A-B3FA-822EEE70485D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{4D08B872-27CA-45E6-9A6D-A71DFA749CDE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{4F93AA5A-C3F0-4C58-9E38-57C065ED335A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller demo\bin\paingame.exe |
    "{5319C474-748F-4ECF-92E0-0E6D26A25C14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
    "{5537781B-F0B4-4F43-8E16-0AA3D61A99BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
    "{598B5515-57FD-4FC0-88B3-3A82C942BD92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5A3DED4F-6E21-4349-BBD8-37042136B185}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5CF1E859-3EED-4B97-922E-90EF052ADAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes sp demo\reliccoh.exe |
    "{5D50DF28-5ACB-4815-881A-82B605368166}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
    "{60DBACD9-674B-47E5-9877-7ADAC87071E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
    "{60E96045-94AD-4C83-AA84-DB70847AF422}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{65FE667E-8447-4A4A-A542-3596C1817D65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{716EBEB9-7C03-4C7C-BA9D-B8809EF954DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
    "{71E5A6E9-A36C-482B-B90D-97A05D9C8499}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{735C7940-A3C3-4D9E-96AA-54D65DBF5BD6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{7ACDC194-71E6-4D1A-804A-97636653F9CC}" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7B4706DB-51B0-4C5E-ACFF-4D347028D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7BA192F7-05FA-4922-B92C-FAC2BAF29AB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7C9916BB-DB93-4E49-8393-1795C9F1ECDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
    "{7DB388E6-DCA9-4002-97C7-FA20FFA7158A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{7EDD99E0-5D80-4815-A26E-61A538043545}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{7F79CBA7-0A1B-4D6F-81A8-9B3B3B33020F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{82EFE1CB-653D-4BE9-8098-F2755D43CC32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
    "{8448828A-8293-4025-BCDC-778CB9C59BA9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{876ACF4E-C466-4F75-89EB-87D0D8DC8129}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{87A641F2-534B-4B9C-8B1E-551355A428EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{88442B65-8134-4E4E-BBEA-787003087773}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
    "{8A2A14FE-2062-41FE-AEB4-3929964F8202}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8D9818D6-43B7-4114-90C3-1780E5424F44}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{8F9CFBAE-0CE0-4865-83FD-2655CC89ABB6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{935B1D07-FBD3-461A-AB94-85A82CE4C472}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{9420ECA4-5692-4109-BBCD-60227E412702}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9767113E-67AC-4AC1-8A00-B7929CA0A6AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{98E9120B-BFE0-4FF5-B863-14DB61835E11}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9AE5CEDC-A162-422F-976F-CEE81C9F4ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
    "{9E751DAF-86FC-412A-83AD-8F11DE2BBA44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A0501010-7B74-4305-840F-7CD3E4AA3094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8233F27-0DC4-4088-AFF5-73D9A394B49C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8F93899-7C8D-4824-8C13-26C807AD97EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B1345D6A-43DE-4BE7-8621-31B84CEEAF32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{B19D111A-D928-469B-92FE-29C6B525785F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{BAE43BDA-2823-4190-84B7-9901DCA8367B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C0B4D32F-00A7-4AF3-90B3-24F357E2AC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
    "{C3FCF092-1E86-495E-8B21-BB51B7F5AC99}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{C5E151B9-AE6E-4EF1-82E8-73C67C764715}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CD5B62C3-FB97-4325-8FF6-2013CA413261}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{CECE7819-998E-44DA-87F9-F97BFE7456C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{CF04EB15-B12B-4FEB-8544-5E1C4C6FCD18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CF8D6807-F6AF-4DF8-BC1A-21FD7E29E263}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D2182031-EB7B-4DCD-BE05-047E5A2F6595}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{D31739DA-260C-4D97-B159-87E6EC8F5DB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{D647646D-BCFF-4850-B7BC-B69D0A4A7E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D6E254EB-E2E7-4C74-8C8A-7F96ACC465DB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DB2F8365-8BED-4375-BE27-384D290F2535}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{DFA47FCD-B5F8-4EAC-8B0B-A1F0790BFA5F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DFB7E3D3-3E35-424C-A32F-01DEAD2AB4B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller demo\bin\paingame.exe |
    "{E1D5B53C-E3EE-498F-B7A9-556B39042178}" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E3FAD7C9-A0CD-4657-B4B6-CA077602372D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{EA35DBC2-89AF-4450-A831-817244DF91FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{EE3AD71B-5673-4C7E-A4AC-9E4500AB078A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
    "{EE809A15-81D2-409C-9BC6-7747CB092738}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EEACA271-D13F-4806-8B32-A3769D201AA2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{EF48DA0A-E873-44CD-99FB-AA122D7ADCAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F38D6103-ECCB-4E6A-8BD3-1DA083DB0DC3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{F86577B5-612F-4221-883E-44A4EAB2A6EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FA3F4061-AE1F-4290-9C0E-FECD62E41F55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{FDAF3F6E-1890-421A-B9F1-271726984638}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{30A20CA7-98AE-43F2-A754-FB2970309051}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{5AF8A4D1-1022-4360-8498-16DEE56D8056}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{7EF62EC7-E9E0-417F-BE06-88D4E168CABC}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
    "TCP Query User{862E7C04-FFC9-4FF0-9D59-7547AE50BFF6}C:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{AB998C30-41FB-429E-9E5C-EDAF907FD7E8}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "TCP Query User{EF640D10-2263-4AE2-A439-74E5D39FDCED}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{51B59CBB-7E56-443E-A68E-0410298F82C0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{70299FC3-62F1-464F-AD4F-1843AC1B291D}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "UDP Query User{760BF6E4-F231-4F56-AD5A-3C4347ACFD8E}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
    "UDP Query User{A68B965F-62FD-4814-B5C4-752E59521561}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{D5C21E92-C565-429D-8BCA-59AAD0B11E0E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{EA4B8896-5DB9-44E8-AA3A-5D936A93101F}C:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{59A50260-AED9-40E6-80CF-7319C8A7A926}" = Saitek Cyborg Keyboard Volume 6.7.3.0
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
    "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F868E7BF-BC77-4B1F-A4CF-555099675E41}" = Saitek SD6 Programming Software 6.7.3.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1E83D2D0-188B-4A4D-BEF7-72E370747AA3}" = D-Link Corporation Control Program
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6E139C26-2033-466B-89FF-1EB1AF6D4979}" = Saitek Call Of Duty Modern Warefare 2 Profiles
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3DFF4C8-50BA-463D-8334-4BAFE7172EA6}" = SB Arena Headset
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ALchemy" = Creative ALchemy
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "Canon MX340 series User Registration" = Canon MX340 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "PunkBusterSvc" = PunkBuster Services
    "Secunia PSI" = Secunia PSI (2.0.0.3001)
    "sp44626" = sp44626
    "Speed Dial Utility" = Canon Speed Dial Utility
    "SpeedTestPro_is1" = Absolute Futurity SpeedTestPro Ver 1.0.733
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 22370" = Fallout 3 - Game of the Year Edition
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 31419" = Zombie Driver
    "Steam App 3210" = Painkiller Demo
    "Steam App 40990" = Mafia
    "Steam App 42120" = Lead and Gold - Gangs of the Wild West
    "Steam App 47790" = Medal of Honor(TM) Single Player
    "Steam App 47830" = Medal of Honor(TM) Multiplayer
    "Steam App 7110" = Jade Empire: Special Edition
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 9300" = Company of Heroes Singleplayer Demo
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "TVAnts 1.0" = TVAnts 1.0
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "Veetle TV" = Veetle TV 0.9.18
    "WaveStudio 7" = Creative WaveStudio 7
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2723436897-3598471683-1063297262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/25/2011 2:23:37 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/25/2011 4:51:09 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/26/2011 2:35:12 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/26/2011 2:36:53 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/26/2011 2:36:54 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1008
    Description =

    Error - 3/26/2011 2:36:54 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/28/2011 12:29:29 AM | Computer Name = TONY-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/28/2011 1:44:28 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    Error - 3/28/2011 1:44:28 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1008
    Description =

    Error - 3/28/2011 1:44:28 AM | Computer Name = TONY-PC | Source = Perflib | ID = 1023
    Description =

    [ Media Center Events ]
    Error - 9/17/2010 9:46:57 PM | Computer Name = TONY-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/1/2010 9:29:10 PM | Computer Name = TONY-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 11/2/2010 1:37:02 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/2/2010 2:35:37 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/2/2010 2:56:31 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/2/2010 3:37:47 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/5/2010 2:29:53 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/9/2010 6:50:23 AM | Computer Name = TONY-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:25:11 PM on 11/8/2010 was unexpected.

    Error - 11/9/2010 6:51:59 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/9/2010 6:53:40 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/9/2010 6:53:40 AM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/9/2010 3:36:12 PM | Computer Name = TONY-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  24. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Apr 01 10:54:04 2011

    Found and removed: C:\Program Files (x86)\Java\jre1.6.0_07

    Found and removed: C:\Program Files (x86)\Java\jre1.6.0_20

    Found and removed: C:\Program Files (x86)\Java\jre1.6.0_22

    Found and removed: C:\Users\TONY\AppData\LocalLow\Sun\Java\jre1.6.0_20

    Found and removed: C:\Users\TONY\AppData\LocalLow\Sun\Java\jre1.6.0_21

    Found and removed: C:\Users\TONY\AppData\LocalLow\Sun\Java\jre1.6.0_22

    Found and removed: C:\Users\TONY\AppData\LocalLow\Sun\Java\jre1.6.0_23

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.160_07

    Found and removed: Software\Classes\JavaPlugin.160_20

    Found and removed: Software\Classes\JavaPlugin.160_22

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_20

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_22

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_22

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_22

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_22

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022F0}

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5
     
  25. Anthino

    Anthino TS Rookie Topic Starter Posts: 43

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TONY
    ->Temp folder emptied: 542682 bytes
    ->Temporary Internet Files folder emptied: 96449 bytes
    ->Java cache emptied: 47037 bytes
    ->FireFox cache emptied: 101931634 bytes
    ->Google Chrome cache emptied: 7554385 bytes
    ->Flash cache emptied: 3191 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 105.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TONY
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04012011_105659

    Files\Folders moved on Reboot...
    C:\Users\TONY\AppData\Local\Temp\ppcrlui_4496_2 moved successfully.

    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...