Solved PUM.Hijack.StartMenu & black desktop w/userfiles missing

A

all at sea

Posts: 60   +0
Hi all,
I've been here before and received great help from Broni. Now I'm back again with another virus attack. Hope someone can help.
Behaviour was as follows:
A bunch of "System message - Write Fault Error" messages opened up on the desktop, followed by a
"SYSTEM ERROR. HARD DISK FAILURE DETECTED. Windows has lost access to the system partition ...etc".
It offers two options, "Scan and repair", or "Scan later". I suspected an attack, so I did neither. Desktop had gone black, with all icons vanished, except Internet Explorer. Access to start menu is allowed, surprisingly. All user files, including documents:eek: are vanished.

I ran Malwarebytes, which detected two instances of "PUM.Hijack.StartMenu". On restart however, the same behaviour persisted. Ran Malwarebytes again which of course found the same two viruses in the same places. Restarted and ran Avira scan, which didn't even find the two viruses! Gave up trying by myself, and came to techspot to follow the tried-and-tested 5-step plan. Logs to follow. Grateful for any and all assistance.
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.26.02
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
jason :: OFFICE-PC [administrator]
26/04/2012 15:08:28
mbam-log-2012-04-26 (15-08-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198902
Time elapsed: 2 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
Run by jason at 15:32:21 on 2012-04-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2479 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\LHWmcRqHquM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{56D17326-9347-4CD8-9AEE-998419ADBBA9} : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [RemoteControl] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
IE-X64: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\gqi59nrv.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-15 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-15 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-21 93696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
.
=============== Created Last 30 ================
.
2012-04-26 14:06:47 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-26 14:06:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-25 21:47:38 300544 ---ha-w- C:\ProgramData\LHWmcRqHquM.exe
.
==================== Find3M ====================
.
2012-03-14 17:47:28 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:32:39.84 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/01/2009 19:50:24
System Uptime: 26/04/2012 14:40:24 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QL PRO
Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz | LGA775 | 2670/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 450 GiB total, 11.765 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
==== System Restore Points ===================
.
RP933: 21/04/2012 02:43:17 - Scheduled Checkpoint
RP934: 22/04/2012 12:44:07 - Scheduled Checkpoint
RP935: 23/04/2012 12:50:05 - Scheduled Checkpoint
RP936: 24/04/2012 18:17:06 - Scheduled Checkpoint
RP937: 25/04/2012 20:10:42 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AIO_Scan
AVI/MPEG/RM/WMV Joiner 4.82
Avira Free Antivirus
Boilsoft Video Joiner 6.56
BufferChm
C5200
C5200_Help
CDisplay 1.8
ConvertXtoDVD 3.1.2.34
Copy
coverXP (remove only)
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DHTML Editing Component
DocProc
DocProcQFolder
DVD Suite
DVDFab 8.1.0.5 (04/07/2011) Qt
eSupportQFolder
Fax
Google Update Helper
GPBaseService
HP Update
HPProductAssistant
Java Auto Updater
Java(TM) 6 Update 31
JDownloader
K-Lite Codec Pack 4.5.3 (Standard)
LabelPrint
LightScribe System Software 1.10.16.1
Malwarebytes Anti-Malware version 1.61.0.1400
MarketingReg
MediaShow
Microsoft Office 2000 Small Business
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MKVtoolnix 4.6.0
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB954430)
Nero Suite
NVIDIA PhysX v8.10.13
PanoStandAlone
PhotoNow! 1.0
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
PPLive 1.9
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Express Labeler 3
Scan
SmartWebPrintingOC
SolutionCenter
SopCast 3.2.4
Status
Subtitle Workshop 2.51
Toolbox
TrayApp
Turbo Lister 2
TVAnts 1.0
UnloadSupport
Veetle TV 0.9.18
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
VobSub v2.23 (Remove Only)
WebReg
WinRAR archiver
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
26/04/2012 14:43:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
26/04/2012 14:43:09, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/04/2012 09:58:09, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
25/04/2012 23:11:21, Error: EventLog [6008] - The previous system shutdown at 23:09:20 on 25/04/2012 was unexpected.
25/04/2012 23:03:23, Error: EventLog [6008] - The previous system shutdown at 23:01:08 on 25/04/2012 was unexpected.
25/04/2012 22:58:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
25/04/2012 22:58:36, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/04/2012 16:43:16, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
19/04/2012 18:01:55, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
19/04/2012 18:01:55, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
19/04/2012 18:00:07, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002354165DDA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

==================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Hi again Broni,
You solved a virus problem for me last year, so I know I'm in safe hands. Thank you for helping a serial offender, as it were.

I ran UnHide. It restored most Desktop icons, but not the My Computer or My Documents icons. Background remains black, and user files and all documents are still missing. Behaviour remains the same.
I forgot to mention that whenever I reboot, any programmes or logs that have been saved to desktop disappear (although the icons restored by UnHide remain). So when I rebooted, as prompted by UnHide, both itself, GMER, DDS, and associated logs disappeared. Is there somewhere else I can save cleaning applications and logs?

aswMBR and Bootkit remover logs to follow.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 17:53:13
-----------------------------
17:53:13.515 OS Version: Windows x64 6.0.6001 Service Pack 1
17:53:13.515 Number of processors: 4 586 0x170A
17:53:13.515 ComputerName: OFFICE-PC UserName: jason
17:53:23.920 Initialize success
17:54:16.263 AVAST engine defs: 12042600
17:54:40.396 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:54:40.396 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
17:54:40.428 Disk 0 MBR read successfully
17:54:40.428 Disk 0 MBR scan
17:54:40.474 Disk 0 Windows VISTA default MBR code
17:54:40.506 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16196 MB offset 2048
17:54:40.537 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 460741 MB offset 33173280
17:54:40.615 Disk 0 scanning C:\Windows\system32\drivers
17:55:03.313 Service scanning
17:55:57.663 Modules scanning
17:55:57.663 Disk 0 trace - called modules:
17:55:57.679 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
17:55:57.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005af9430]
17:55:57.679 3 CLASSPNP.SYS[fffffa6000fd2b3a] -> nt!IofCallDriver -> [0xfffffa80049229b0]
17:55:57.679 5 acpi.sys[fffffa60008fbff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa800491c4b0]
17:56:08.256 AVAST engine scan C:\Windows
17:56:23.029 AVAST engine scan C:\Windows\system32
18:04:04.180 AVAST engine scan C:\Windows\system32\drivers
18:04:56.721 AVAST engine scan C:\Users\jason
18:22:23.778 AVAST engine scan C:\ProgramData
18:54:35.354 Scan finished successfully
18:56:52.728 Disk 0 MBR has been saved successfully to "C:\Users\jason\Desktop\MBR.dat"
18:56:52.728 The log file has been saved successfully to "C:\Users\jason\Desktop\aswMBR.txt"
 
I ran Bootkit Remover, but I am unable to post results. I can't get to notepad because Accessories is hidden in start menu. I tried using the instructions (select all, then ctrl & C followed by ctrl & V) in one of the readme notepad files and in MS Word, but it just pastes a web address that I copied earlier. Any ideas?
(I should probably add that I can't close Word, and Task manager isn't working.)
 
For some reason it works now :p:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`f45e4000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni,
You mention in your last post that I may have to restart PC at some point during this stage. That would mean I'll lose everything saved to desktop so far, including the MBR.dat. Does that matter?
 
Ran ComboFix. It auto restarted, and on restart Avira automatically enabled itself. I hope that didn't affect ComboFix.
The ComboFix log file didn't pop up as the window said it would, but i think I found it in the ComboFix folder. It's posted below. The ComboFix window is still open. (Oh, and it didn't prompt to update or install Recovery Console).

Behaviour: Background is still black, and user files including all documents still missing. The system error messages have ceased however.


ComboFix 12-04-26.01 - jason 26/04/2012 20:11:24.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2482 [GMT 1:00]
Running from: C:\Users\jason\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\LHWmcRqHquM.exe
C:\Users\jason\AppData\Roaming\vso_ts_preview.xml


((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))


2012-04-26 14:06:47 . 2012-04-26 14:06:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-26 14:06:47 . 2012-04-04 14:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 17:47:28 . 2010-04-21 11:25:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-15 09:42:29 . 2011-11-15 21:24:59 132320 ----a-w- C:\Windows\system32\drivers\avipbb.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16:38 39792]
"RemoteControl"="C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01:30 71216]
"LanguageShortcut"="C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17:42 52256]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17:32 49152]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50:42 155648]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" [2010-11-07 19:13:17 274608]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 16:56:24 258512]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 14:02:04 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-19 21:46:18 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-04-26 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 15:09:30 . 2011-05-11 15:09:23]

2012-04-26 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 15:09:30 . 2011-05-11 15:09:23]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 11:25:20 5641728]
"Skytel"="Skytel.exe" [2007-11-20 18:15:58 1826816]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-11-12 14:54:00 16121888]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-11-12 14:54:00 82464]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\gqi59nrv.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-WMPNSCFG - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-LHWmcRqHquM.exe - C:\ProgramData\LHWmcRqHquM.exe
 
ComboFix 12-04-26.01 - jason 26/04/2012 20:45:08.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2738 [GMT 1:00]
Running from: c:\users\jason\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\LHWmcRqHquM.exe
c:\users\jason\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 19:51 . 2012-04-26 19:54 -------- d-----w- c:\users\jason\AppData\Local\temp
2012-04-26 19:51 . 2012-04-26 19:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-26 19:51 . 2012-04-26 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 14:06 . 2012-04-26 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 14:06 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:47 . 2010-04-21 11:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 09:42 . 2011-11-15 21:24 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_19.22.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-04-26 19:24 46364 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-04-26 19:24 73786 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 17:19 . 2012-04-26 19:24 13560 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318639389-2330378091-3496585167-1000_UserData.bin
- 2009-01-11 20:01 . 2012-04-26 17:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-11 20:01 . 2012-04-26 19:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-11 20:01 . 2012-04-26 19:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-11 20:01 . 2012-04-26 17:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 20:01 . 2012-04-26 19:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-11 20:01 . 2012-04-26 17:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-05 23:08 . 2012-04-26 19:51 5416 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-04-26 19:20 . 2012-04-26 19:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 19:52 . 2012-04-26 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 19:52 . 2012-04-26 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-26 19:20 . 2012-04-26 19:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-04-26 16:53 599942 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-04-26 19:27 599942 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-04-26 16:53 105448 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-04-26 19:27 105448 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-11-07 274608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LHWmcRqHquM.exe"="c:\programdata\LHWmcRqHquM.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-19 21:46 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 15:09]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 15:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 16121888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 82464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\gqi59nrv.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-04-26 20:57:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 19:57
.
Pre-Run: 12,263,985,152 bytes free
Post-Run: 12,231,495,680 bytes free
.
- - End Of File - - C7D3264DE274F59C196F01B0FA22285E
 
The log popped up this time, and the Combofix window closed

Behaviour: Background still black, and My Ducuments and My Computer icons still missing. However, User files and docs can now be accessed :).
 
Very good :)

Background still black
Click to expand...
See if you can change it manually.

My Ducuments and My Computer icons still missing
Click to expand...
See my manual here: http://www.smartestcomputing.us.com/topic/49859-missing-items-from-main-start-menu-window-fix/

Any other issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I just realized that I don't remember for 100% sure whether I disabled Avira before running ComboFix the second time :confused:.
Do you want me to rerun it?
 
OTL logfile created on: 26/04/2012 21:15:22 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\jason\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.08% Memory free
8.22 Gb Paging File | 6.74 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.94 Gb Total Space | 11.42 Gb Free Space | 2.54% Space Free | Partition Type: NTFS

Computer Name: OFFICE-PC | User Name: jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 21:13:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
PRC - [2011/10/19 17:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 17:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 17:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/07 20:13:17 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/19 17:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 17:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/01/21 03:50:58 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 10:42:29 | 000,132,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 17:56:50 | 000,027,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 17:56:49 | 000,097,312 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/01/13 00:57:23 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008/07/22 12:58:00 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008/01/21 03:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007/06/15 16:52:10 | 000,163,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2006/10/31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/10/10 03:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN
IE - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=2057&_lang=EN"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.599: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/07 20:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/07 20:13:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/12 11:38:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter

[2010/01/08 15:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Extensions
[2012/04/26 19:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\gqi59nrv.default\extensions
[2010/08/24 15:45:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\gqi59nrv.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/03/14 18:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 12:25:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 12:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 12:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 12:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 12:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 10:23:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/14 18:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/11/07 20:13:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/03/14 18:47:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/04 13:34:44 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/08/04 13:34:44 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/08/04 13:34:44 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/08/04 13:34:44 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/04/26 20:18:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1318639389-2330378091-3496585167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ()
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56D17326-9347-4CD8-9AEE-998419ADBBA9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jason\Documents\derechaz.jpg
O24 - Desktop BackupWallPaper: C:\Users\jason\Documents\derechaz.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\ (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 21:13:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2012/04/26 20:57:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/26 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\jason\AppData\Local\temp
[2012/04/26 20:54:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/26 20:10:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/26 20:10:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/26 20:10:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/26 20:09:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/26 20:01:15 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\jason\Desktop\ComboFix.exe
[2012/04/26 19:35:15 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\jason\Desktop\boot_cleaner.exe
[2012/04/26 17:51:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2012/04/26 17:15:32 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\jason\Desktop\unhide.exe
[2012/04/26 15:31:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jason\Desktop\dds.scr
[2012/04/26 15:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 15:05:36 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jason\Desktop\mbam-setup-1.61.0.1400.exe

========== Files - Modified Within 30 Days ==========

[2012/04/26 21:13:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2012/04/26 21:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 20:59:30 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 20:59:30 | 000,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 20:59:30 | 000,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 20:53:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 20:52:45 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 20:52:45 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 20:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 20:18:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/26 20:01:31 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\jason\Desktop\ComboFix.exe
[2012/04/26 19:34:59 | 000,044,607 | ---- | M] () -- C:\Users\jason\Desktop\bootkit_remover.zip
[2012/04/26 18:56:52 | 000,000,512 | ---- | M] () -- C:\Users\jason\Desktop\MBR.dat
[2012/04/26 17:52:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2012/04/26 17:15:36 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\jason\Desktop\unhide.exe
[2012/04/26 15:31:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jason\Desktop\dds.scr
[2012/04/26 15:15:41 | 000,302,592 | ---- | M] () -- C:\Users\jason\Desktop\6gibrndy.exe
[2012/04/26 15:05:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jason\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 10:21:41 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 20:00:47 | 000,166,400 | ---- | M] () -- C:\Users\jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/26 20:10:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/26 20:10:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/26 20:10:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/26 20:10:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/26 20:10:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 19:34:59 | 000,044,607 | ---- | C] () -- C:\Users\jason\Desktop\bootkit_remover.zip
[2012/04/26 18:56:52 | 000,000,512 | ---- | C] () -- C:\Users\jason\Desktop\MBR.dat
[2012/04/26 17:33:31 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2012/04/26 17:33:31 | 000,002,039 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2012/04/26 17:33:31 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2012/04/26 17:33:31 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/04/26 17:33:31 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/04/26 17:33:31 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/04/26 17:33:31 | 000,001,810 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:33:31 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/26 17:33:31 | 000,001,635 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2012/04/26 17:33:31 | 000,001,453 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012/04/26 17:33:31 | 000,001,429 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012/04/26 17:33:31 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/04/26 17:33:31 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/26 17:33:31 | 000,000,981 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/26 17:33:31 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2012/04/26 17:33:31 | 000,000,258 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/26 17:33:31 | 000,000,240 | ---- | C] () -- C:\Users\jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/26 15:15:40 | 000,302,592 | ---- | C] () -- C:\Users\jason\Desktop\6gibrndy.exe
[2012/04/26 15:06:48 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 15:06:47 | 000,024,904 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/14 20:36:55 | 000,000,680 | ---- | C] () -- C:\Users\jason\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2011/11/10 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Boilsoft
[2011/07/07 18:07:41 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\DVDFab
[2009/09/25 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Maxthon2
[2011/03/19 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\mkvtoolnix
[2009/09/25 18:11:18 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\PPLive
[2009/09/25 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\PPLiveVA
[2011/11/14 21:19:32 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\QuickScan
[2009/08/04 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Seven Zip
[2009/09/27 20:08:29 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\StreamTorrent
[2011/02/24 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\VitySoft
[2012/04/22 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Vso
[2012/02/19 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Yziq
[2012/02/19 19:22:01 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Zivouka
[2012/04/26 20:51:37 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/16 20:31:33 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/04/26 20:57:21 | 000,014,605 | ---- | M] () -- C:\ComboFix.txt
[2011/05/18 17:03:55 | 000,005,734 | ---- | M] () -- C:\InstallHelper.log
[2005/09/23 01:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/04/26 20:52:38 | 312,672,255 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/27 19:15:52 | 000,000,221 | -HS- | M] () -- C:\Users\jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/26 15:15:41 | 000,302,592 | ---- | M] () -- C:\Users\jason\Desktop\6gibrndy.exe
[2012/04/26 17:52:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\jason\Desktop\boot_cleaner.exe
[2012/04/26 20:01:31 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\jason\Desktop\ComboFix.exe
[2012/04/26 15:05:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jason\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 21:13:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2011/11/17 10:27:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\TFC.exe
[2012/04/26 17:15:36 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\jason\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/26 20:53:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 21:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 20:52:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/26 20:51:37 | 000,032,644 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/11 21:06:31 | 000,000,402 | -HS- | M] () -- C:\Users\jason\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/01/23 18:27:12 | 000,000,795 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >
< End of report >
 
I forgot this, sorry.

OTL Extras logfile created on: 26/04/2012 21:15:22 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\jason\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.08% Memory free
8.22 Gb Paging File | 6.74 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.94 Gb Total Space | 11.42 Gb Free Space | 2.54% Space Free | Partition Type: NTFS

Computer Name: OFFICE-PC | User Name: jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01943767-EA0F-4C16-A703-C6068163BB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{09312CA8-FD14-46CD-A2EC-77EF5A7064E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
"{199170A2-95BF-427C-B417-5056D5737F40}" = dir=in | app=c:\program files (x86)\ (x86)\cyberlink\powerdvd\powerdvd.exe |
"{2048BD4F-B565-4FD7-BE04-65663055E655}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{316043AA-5BBF-42FD-877B-1F7A0520B878}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{35143099-3730-4240-B9B9-11CB4BCB1803}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{38C6DF66-04B3-40F0-9704-0CC84EE196F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
"{3D9AA8E1-B323-417D-87EE-B8F8DA5DD006}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
"{426FE995-4074-4B9D-8EE8-58006BB7E944}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
"{55A410EB-09F4-4584-98CB-2547CC7D218C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{55B921F7-ED7F-49C6-8569-B52DC8876AA3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{69EB51F6-8E3E-4B45-ADBB-FFEF4B14DD62}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{A4293591-8190-498B-847D-00E888B40B26}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
"{BA2C4881-EB68-4794-A9EE-B5A595893AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
"{BC6794B1-A597-4ADE-A517-AD7CE72F4CA3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
"{E02344D7-12CC-40C6-9574-A1852E10EB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
"{E5D4A84D-0A3E-4732-9538-33209B0C9861}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{ECBD86DA-B940-486E-A5A3-5E9408DCD303}" = dir=in | app=c:\program files (x86)\ (x86)\cyberlink\powerdirector express\pdx.exe |
"{ECD4EE7B-10E4-4C39-8A06-CC8D522A391E}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
"{F1446D3E-CEC0-415B-8070-3D86F0A71B6C}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
"{FAFBE5E9-E37C-4C00-8931-E3A4200449E5}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
"{FED0F273-876C-4402-A162-B7D1AB0311B8}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
"TCP Query User{19028F86-DF55-40B8-91D3-3CD958D6F527}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{3A86A0D0-4687-4235-930D-8F1A481987D3}C:\users\jason\appdata\roaming\yziq\liewbya.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\yziq\liewbya.exe |
"TCP Query User{40F23AFC-0EAE-4B68-A43F-76ED6D16A1DC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{455B432D-74B4-4ED7-8EEA-406A2EEC9EF8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{55C6C619-32BE-40DD-B975-EB5F59E50440}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{61263F19-ABAF-4D01-B1B7-80D90001D2EC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{9E2BCB3A-8632-44E0-8DAA-71073087E107}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{9EADF232-BD4D-4B70-AE17-97CD8D479283}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{CA38E55A-7677-49AB-BD3F-B4DCFCA5B20B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CB600C67-EBB3-466D-A757-A00E000D95FC}C:\program files (x86)\stormii\box\stline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stormii\box\stline.exe |
"TCP Query User{CBC64387-9843-4343-B541-64E3C178A81F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DA97EB7C-C4EE-475F-AAF5-7101D63FDCC5}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{F2BB6FF1-690A-40C7-AD27-4A69ADDCAC89}C:\program files (x86)\stormii\stormpop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stormii\stormpop.exe |
"TCP Query User{FFC2D772-F3C1-4530-9E46-B109C332B108}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{22201877-7EAE-4982-AD2F-013A8C42C0F3}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{23F352CF-625F-4AE2-8996-34BDF4C82B99}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{2D59D20C-086E-4FDD-ADC8-BA455D5297F6}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{3C3B691A-EED3-44B5-BF91-4BC680566DC5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{49B96208-A3D0-4476-AAC8-86548D194B7F}C:\program files (x86)\stormii\box\stline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stormii\box\stline.exe |
"UDP Query User{6E041A17-0A2B-4790-B3C0-7131E3DF6A49}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{8C95C653-EBF7-482D-9C5A-5000636E3706}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{998476E7-8230-461A-9543-6AF6DACD5635}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{9F4D4178-B17D-46EB-84F4-56D5A7778512}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{A57AFF31-9DF1-4541-84A5-0590C8F3EACC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CE054CF4-469A-475D-AFF2-AFF24406E9AD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F73775B2-C662-419C-9FAD-F759D469FDF8}C:\users\jason\appdata\roaming\yziq\liewbya.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\yziq\liewbya.exe |
"UDP Query User{F7B7D7DA-4D72-4971-89ED-F4914087C41E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{F7F8B58B-5FB2-44DD-8C40-B063CD24B657}C:\program files (x86)\stormii\stormpop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stormii\stormpop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{3850334B-82B7-4875-BEFD-CB91F2527565}" = 64 Bit HP CIO Components Installer
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.2.34
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD920AB6-2DB9-48B7-8052-0A4F0C4277BC}" = MarketingReg
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.56
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"coverXP" = coverXP (remove only)
"DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MKVtoolnix" = MKVtoolnix 4.6.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PPLive" = PPLive 1.9
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.7
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1318639389-2330378091-3496585167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/04/2012 04:19:40 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2012 05:38:15 | Computer Name = Office-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module mshtml.dll, version 7.0.6001.18203, time stamp 0x496ed0f3,
exception code 0xc0000005, fault offset 0x00097a4e, process id 0xfa4, application
start time 0x01cd21f731ef9a42.

Error - 24/04/2012 08:16:33 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2012 12:14:36 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2012 15:16:56 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 04:58:24 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 11:03:15 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 13:01:57 | Computer Name = Office-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/04/2012 13:01:59 | Computer Name = Office-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/04/2012 17:55:52 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

[ ODiag Events ]
Error - 21/04/2009 17:02:31 | Computer Name = Office-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description =

[ System Events ]
Error - 26/04/2012 15:20:56 | Computer Name = Office-PC | Source = HTTP | ID = 15016
Description =

Error - 26/04/2012 15:22:34 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 26/04/2012 15:22:35 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/04/2012 15:43:50 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 26/04/2012 15:43:50 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 26/04/2012 15:47:17 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 26/04/2012 15:51:32 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 26/04/2012 15:52:43 | Computer Name = Office-PC | Source = HTTP | ID = 15016
Description =

Error - 26/04/2012 15:54:21 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 26/04/2012 15:54:22 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
You must log in or register to reply here.

Similar threads

midian182
Russia-backed hacking group suspected of attack on US water system
Replies
13
Views
208
trparky
T
A
Astronomers discover why a binary black hole system has the hiccups
Replies
2
Views
211
Mr Majestyk
M
J
Open RAN means to enable next-gen mobile infrastructure, but what's been going on?
Replies
1
Views
390
Uncle Al
Uncle Al

Latest posts

Back