Inactive Search redirect malware hit PC, need help

SecurityCheckup log below...

Results of screen317's Security Check version 0.99.25
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG PC Tuneup 2011
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Okay, the only thing in the Security Scan is the Adobe Flash. The following is what shows in the installed programs:
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX

The Security scan shows update needed:

Check for Adobe Flash Update v11
Check for Activex for IE
Check for Plugin for FF v11

If any of these are already installed, you will likely get a message to that effect.
========================================
About the 'Java leak:'
The DDS log you ran originally showed what appears to be about 100+/- files like this:
c:\users\john\appdata\local\{06A6D127-FA0B-4C62-893C-E510026DDE3A}

The numerical sequence is different in each; all were from the last 30 days. Consider the possibility that one of these files may contain malicious script, so every time it updates, you get the script again. I don't know this and I can't check because none of the CLIDs for the apps can be identified.

I'd like to run one more scan in the hope that I might find the 'leak':
  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
  • Double click the OTL icon to run it.
    OTL_Icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below, then paste them in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    activex
    msconfig
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
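
A triage sketch for the pattern described in the post above, added here as an example and not part of the original thread: it parses OTL "Created Within 30 Days" lines, keeps GUID-named directories directly under AppData\Local, and groups them into creation bursts so the timing can be checked against whatever runs on that schedule. The sample lines, the `User` profile name and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# One entry of OTL's "Files/Folders - Created Within 30 Days" section:
# [date time | size | attributes | C] (optional company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| C\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
GUID_NAME = re.compile(r"^\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)

# Constructed sample in OTL's layout (newest first); GUIDs and paths are made up.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 09:00:00 | 000,584,192 | ---- | C] (Example Vendor) -- C:\Users\User\Desktop\tool.exe
[2011/11/02 08:01:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000007}
[2011/11/02 08:01:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000006}
[2011/11/01 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000005}
[2011/11/01 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000004}
[2011/11/01 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000003}
[2011/11/01 15:00:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2011/11/01 10:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{00000000-0000-4000-8000-0000000000FF}
[2011/11/01 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000002}
[2011/11/01 08:00:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00000000-0000-4000-8000-000000000001}
"""


def parse_created(text):
    """Return one dict per well-formed 'created' entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "created": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "is_dir": "D" in m["attrs"],
                "path": m["path"],
            })
    return entries


def guid_dirs(entries, parent_suffix=r"\appdata\local"):
    """Keep directories whose own name is a bare {GUID} directly under AppData\\Local."""
    hits = []
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        if e["is_dir"] and GUID_NAME.match(name) and parent.lower().endswith(parent_suffix):
            hits.append(e)
    return sorted(hits, key=lambda e: e["created"])


def bursts(dirs, max_gap=timedelta(minutes=5)):
    """Group time-sorted entries; a new burst starts when the gap exceeds max_gap."""
    groups = []
    for e in dirs:
        if groups and e["created"] - groups[-1][-1]["created"] <= max_gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def burst_report(groups):
    """Return ([(burst start, folder count), ...], [hours between burst starts, ...])."""
    starts = [g[0]["created"] for g in groups]
    hours = [round((b - a).total_seconds() / 3600, 1) for a, b in zip(starts, starts[1:])]
    return [(g[0]["created"], len(g)) for g in groups], hours


if __name__ == "__main__":
    summary, hours = burst_report(bursts(guid_dirs(parse_created(SAMPLE))))
    for start, count in summary:
        print(f"{start:%Y-%m-%d %H:%M:%S}  {count} GUID-named folder(s)")
    print("hours between bursts:", hours)
```
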
 
Ran OTL, here is OTL.txt (part 1)

OTL logfile created on: 11/10/2011 11:05:00 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.20% Memory free
4.00 Gb Paging File | 2.11 Gb Available in Paging File | 52.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 3.84 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive E: | 372.60 Gb Total Space | 110.09 Gb Free Space | 29.55% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
PRC - C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\vsnpstd3.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Program Files\TiVo\Desktop\StlpMt45.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (TivoBeacon2) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe (TiVo Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 99 C8 92 7D 91 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2011/11/09 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC30EE65-2226-0669-EC6D-045EBAA742AC} - Browser Customizations
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 11:02:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A8DD5EF4-1A9A-4AD2-86E5-3E05F60AE884}
[2011/11/10 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10B2AD0B-FB64-4441-AECA-2BA504F133A9}
[2011/11/10 10:56:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{40BE500D-F7FE-4529-9E49-D21666C4496A}
[2011/11/09 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{995A56EF-403F-449C-B757-E6DE40E1C088}
[2011/11/09 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DA2AC36C-E54C-4669-9009-DFB3240D3181}
[2011/11/09 17:24:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/09 17:21:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 15:26:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/09 08:00:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{77939C0A-81EC-4E65-A58D-E30834519804}
[2011/11/09 08:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EC89AD70-BB73-48C5-AEF7-3CCD49BB1310}
[2011/11/09 08:00:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE654CD0-7117-48B4-9527-5BA8CD52198D}
[2011/11/09 08:00:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D8C8BD09-20FE-41EB-8310-F81E3BB82E76}
[2011/11/08 09:44:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0C985395-FCD7-4244-B7E1-15709143D0B7}
[2011/11/08 09:44:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8153CCAD-5A8C-4B1A-A1A9-884A0B9ED6BA}
[2011/11/08 07:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2011/11/07 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3FDB5DD1-C34C-4F73-AC3A-1CE6A7AC6309}
[2011/11/07 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15A5168C-6558-49BD-9622-C185165A1E84}
[2011/11/07 09:43:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{55F46E37-66DC-4E0B-81A1-A1136A1907BF}
[2011/11/06 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4FBE5F64-05B6-41B7-9925-2725581C522C}
[2011/11/06 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15C2C7C2-7445-4D37-BCF0-EF9B1BA524CB}
[2011/11/06 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/06 17:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/06 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{258CB69A-04D0-4D76-94FC-BA7538C51842}
[2011/11/06 09:41:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7D573364-4167-40D6-A71F-FDEB7FB86DAD}
[2011/11/05 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{106DD746-5BD5-4AFC-B2C7-9CF410036206}
[2011/11/05 21:40:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{900D297C-8AB2-40BB-A6E5-6E0A3BEFD6DD}
[2011/11/05 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CBFE04A4-8EA3-478B-810B-DD8F87B7E43D}
[2011/11/05 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDBD2BBD-2340-41F6-BF68-211C49E76033}
[2011/11/05 13:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:57:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C55D1DD3-C7E3-477D-8C9E-089969D5E6A3}
[2011/11/05 07:56:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDD5611E-BE52-4703-B719-2C25FAA30B06}
[2011/11/05 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F9D1E7F-8838-48C4-863A-9700C90B8A4D}
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011/10/31 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\TurboTax
[2011/10/31 15:41:49 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:49:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/31 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{E6FF941F-06D0-4A50-9513-333D263A386C}
[2011/10/31 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5958497D-ADAD-4D25-8D02-A4FC886DF598}
[2011/10/30 10:01:53 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bootkit_remover
[2011/10/30 10:01:25 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:53:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/30 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C45AB9A6-0240-4BF4-8254-F1A2A183B485}
[2011/10/30 09:11:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{755C0C83-ADF5-4792-B7D2-3FEC0C0F6689}
[2011/10/29 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D6C8C450-F1EC-4BB3-B068-DA85DB9A26D3}
[2011/10/29 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07FF8BE1-A8FE-4F4D-94E9-0F288C7C9E21}
[2011/10/29 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{57E21ACE-9E96-4E51-BFF3-F959F76C665D}
[2011/10/29 06:58:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8F33B3F3-1E51-47F6-9F9D-71621120354A}
[2011/10/28 18:57:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6CC01C18-2E1F-4933-9861-57E6B3726B48}
[2011/10/28 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3D680668-D658-4FE4-8200-0BDE762B3A51}
[2011/10/28 06:56:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{103BD07D-31D4-4E43-9BEF-A49367B3B927}
[2011/10/28 06:56:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{61F2241C-0343-47E3-85AB-650287A91D25}
[2011/10/27 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C38FC954-78B5-4C57-A131-441CD9CA31D8}
[2011/10/27 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{06A6D127-FA0B-4C62-893C-E510026DDE3A}
[2011/10/27 06:10:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C86794CF-1FC3-4561-9570-96C1A1671C0F}
[2011/10/27 06:10:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{78A531AB-2C75-416B-B8F2-84C63ABF7C3D}
[2011/10/26 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B78D9E0-49BD-45DA-A1B8-0F1C5119541C}
[2011/10/26 18:09:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA3DB2EC-9475-4ABD-B33A-21E50C28098D}
[2011/10/26 06:09:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2542908E-D4D7-4338-94C0-F46EBAF73356}
[2011/10/26 06:08:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8627EA74-9A73-42DB-AAEC-7BED9C9D2000}
[2011/10/26 06:08:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FFBE2B2D-1700-4D47-967D-1F2F70ACB502}
[2011/10/26 06:08:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AF8B243C-F9D4-46CA-8451-8998AFE4C0C8}
[2011/10/25 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{20B27EC2-5BC4-4666-B674-9927ADDC6AEB}
[2011/10/25 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FCA695B5-F96B-478D-9A70-9988B488C324}
[2011/10/25 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/10/25 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/25 15:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/25 15:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/25 15:41:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 06:07:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA546490-C10A-4409-A69C-EA6C7C3D900D}
[2011/10/25 06:07:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BBDC40BE-020B-4815-8A6E-53C8F7C9B28F}
[2011/10/25 06:06:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{70B645DC-775C-4B06-9C3B-D7335BCB44FD}
[2011/10/25 06:06:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{44E59FCD-0732-4D4C-B492-C5ACE393BEB2}
[2011/10/24 08:02:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6EDE0F1F-F493-422D-9FEF-98EC9E41FB5A}
[2011/10/24 08:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0D0E38E2-9688-4E90-9325-195E357111F3}
[2011/10/23 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B352F5C9-6F13-432C-BFFA-76DD02C145CC}
[2011/10/23 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A32D6A7F-0176-46FB-857F-9429B8204F8E}
[2011/10/23 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA9C61BB-B71A-4A01-8D67-351CE7BBEA60}
[2011/10/23 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10308935-7290-48B5-B1F4-92F202C7C8FF}
[2011/10/23 13:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/23 05:41:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD624341-0269-4C12-AFB5-28E7D311577B}
[2011/10/23 05:41:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{74C4707D-F0E6-481A-B909-38DDC4B60961}
[2011/10/22 10:16:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9C157157-4D7D-4FD4-B207-C7E1081894BB}
[2011/10/22 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B29ACD72-9A68-4DEA-988B-1684CF1897D0}
[2011/10/22 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF911891-B2D8-4D4E-A9B9-71EBA2C46F88}
[2011/10/21 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/21 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/21 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/21 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{94EB172A-8EE6-4910-84D3-8785C49F0FB9}
[2011/10/21 19:48:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EA227192-9E0C-4418-A10C-A6A4E9783FDB}
[2011/10/20 22:57:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 22:57:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 22:57:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 22:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 22:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 22:19:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF3DEC86-FB1F-4686-BA8C-AADB55197A86}
[2011/10/20 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE3132B7-1BB1-4B4F-BF48-B3405C78C256}
[2011/10/20 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{00BC2FB7-0621-4BC0-9F53-839A853BD34F}
[2011/10/20 09:10:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95BEE55A-BA96-4EA9-BA58-525DAB1DF664}
[2011/10/20 09:10:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7EE83231-AE47-4AD5-BF24-DAEBF6148A3E}
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 11:02:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 11:02:24 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 11:02:24 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:56:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 10:54:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 08:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 03:29:26 | 000,626,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/10 03:29:26 | 000,107,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/10 03:25:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/10 03:24:47 | 000,414,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/10 03:24:10 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/09 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/09 15:23:34 | 000,879,555 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/05 08:02:22 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:42:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/30 13:17:40 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\5glfh97s.exe
[2011/10/30 09:54:49 | 002,565,464 | ---- | M] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 09:54:40 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:54:19 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/29 05:31:05 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/27 13:17:43 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/25 15:42:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 15:35:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 13:01:07 | 000,001,240 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/20 20:48:59 | 000,000,456 | -H-- | M] () -- C:\ProgramData\YvlzRhbIO74SOK
[2011/10/20 20:47:56 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~YvlzRhbIO74SOK
[2011/10/20 20:47:56 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~YvlzRhbIO74SOKr
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 15:23:34 | 000,879,555 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/31 10:04:12 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\5glfh97s.exe
[2011/10/30 10:01:25 | 002,565,464 | ---- | C] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 10:01:24 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/25 15:42:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 13:01:07 | 000,001,240 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/20 22:57:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 22:57:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 22:57:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 22:57:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 22:57:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/20 08:40:02 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~YvlzRhbIO74SOK
[2011/10/20 08:40:02 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~YvlzRhbIO74SOKr
[2011/10/20 08:39:59 | 000,000,456 | -H-- | C] () -- C:\ProgramData\YvlzRhbIO74SOK
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/06/27 12:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/19 17:49:20 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2011/06/11 07:16:26 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/11 06:54:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/05 17:04:12 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/20 20:26:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/20 20:24:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/21 19:50:52 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/21 19:50:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/21 19:50:52 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/21 19:50:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/21 19:50:52 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/21 19:50:52 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/21 19:50:52 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/21 19:50:52 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/21 19:50:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/21 19:50:52 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/21 19:50:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/21 19:50:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/21 19:48:52 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/02 19:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/08 15:05:06 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2010/01/19 09:31:10 | 000,007,609 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/01/09 22:27:45 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/01/09 22:27:45 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,816 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
OTL.txt (part 2)

========== LOP Check ==========

[2010/04/21 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
[2011/04/03 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnvSoft
[2011/05/08 07:53:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/10/17 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2011/09/10 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bandoo
[2011/02/21 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Epson
[2010/06/06 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Facebook
[2010/05/10 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2011/02/21 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leader Technologies
[2011/02/21 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2010/05/25 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\nomp
[2011/04/03 18:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
[2010/10/10 09:47:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Opera
[2011/11/06 19:06:21 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
 
Extras.txt

OTL Extras logfile created on: 11/10/2011 11:05:00 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.20% Memory free
4.00 Gb Paging File | 2.11 Gb Available in Paging File | 52.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 3.84 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive E: | 372.60 Gb Total Space | 110.09 Gb Free Space | 29.55% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{098104AB-F9FF-4BF5-B909-071C60164E82}" = TileGem
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.2
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{54510837-8D99-4877-8C7A-031000008200}" = Red Faction: Guerrilla
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{54862F37-FB81-FDD7-0E47-8E01858213FD}" = Application Profiles
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55E6088B-DC4A-44C1-BBD2-9E379F476246}" = Photo Resizer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88704942-56A8-4EEC-A121-77687677DEE5}" = Microsoft WorldWide Telescope
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesignerR_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C24AA919-EBBC-4C77-8048-00C9E8AB5493}" = REA's TESTware for the AP World History
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Any Video Converter_is1" = Any Video Converter 3.2.1
"Audacity_is1" = Audacity 1.2.6
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON NX620 Series" = EPSON NX620 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"EZNEC_-5000_is1" = EZNEC Demo v. 5.0
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{54510837-8D99-4877-8C7A-031000008200}" = Red Faction: Guerrilla
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.VISIOR" = Microsoft Visio Professional 2010
"PageRage Toolbar" = PageRage Toolbar
"QuickPar" = QuickPar 0.9
"SharePointDesignerR" = Microsoft Office SharePoint Designer 2007
"Steam App 440" = Team Fortress 2
"WebDesigner" = Microsoft Expression Web
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2011 8:09:18 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10265

Error - 3/17/2011 8:09:19 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/17/2011 8:09:19 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11357

Error - 3/17/2011 8:09:19 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11357

Error - 3/17/2011 9:38:01 PM | Computer Name = FamilyPC | Source = RasClient | ID = 20227
Description =

Error - 3/17/2011 9:38:02 PM | Computer Name = FamilyPC | Source = RasClient | ID = 20227
Description =

Error - 3/17/2011 10:19:22 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/17/2011 10:19:22 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045

Error - 3/17/2011 10:19:22 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 3/17/2011 10:19:23 PM | Computer Name = FamilyPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ OSession Events ]
Error - 9/8/2010 12:13:51 PM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/30/2010 4:17:08 AM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26739
seconds with 960 seconds of active time. This session ended with a crash.

Error - 10/5/2010 11:23:56 PM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/29/2010 7:09:06 AM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/2/2011 10:17:49 AM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2011 7:22:17 PM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1484
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 6/2/2011 9:10:25 PM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2011 8:43:56 PM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/20/2011 10:45:26 AM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/20/2011 10:52:02 AM | Computer Name = FamilyPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/9/2011 5:19:04 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 11/9/2011 5:40:37 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/9/2011 6:06:21 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/9/2011 6:28:16 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/9/2011 6:29:29 PM | Computer Name = FamilyPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:27:53 PM on ?11/?9/?2011 was unexpected.

Error - 11/9/2011 6:29:34 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 11/10/2011 5:22:23 AM | Computer Name = FamilyPC | Source = DCOM | ID = 10010
Description =

Error - 11/10/2011 5:23:08 AM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 11/10/2011 5:25:00 AM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 11/10/2011 5:54:46 AM | Computer Name = FamilyPC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
 
new symptom...

Noticing an audio stream launching indiscriminately, sounds like a teen radio station, very annoying. Launched Task mgr, no apps loaded, and see no obvious process related to this audio stream. Don't know how this is occurring.

As always, much thanks for your help!!!
 
I'm going through the log now. I know what Squeezebox is, but I don't know how it's supposed to be configured. But I am concerned about the following 2 sets of entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

Are you using a firewall? Did you intentionally open these ports?

Is it possible that the music you hear is streaming in through one (or more) of these ports?
 
squeezebox thoughts...

Appears to be altogether far too many ports necessary for Squeezebox, though maybe this is how the unwarranted audio stream is being received, not sure. However, I have long since uninstalled the Squeezebox server from this PC, but of course the uninstall was not very complete given these open ports. Is there a simple way to close these ports? I do not believe it should affect any software functions, and as you suggest may close down some unwarranted activity. TIA...
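One way to triage the firewall exceptions discussed in the two posts above, as an added example that is not part of the thread or of OTL: it parses `GloballyOpenPorts\List` entries in OTL log layout and flags enabled exceptions that accept any source address or whose rule name matches no program in the uninstall list. The function names, the prefix-match heuristic and the Bonjour port line in the sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Sample text in OTL log layout. The Squeezebox lines and the uninstall names
# are copied from the log on this page; the Bonjour port line is constructed
# so the sample also contains an exception whose program is still installed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:Bonjour mDNS
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
PROFILE_RE = re.compile(
    r'\\FirewallPolicy\\(?P<profile>\w+)\\GloballyOpenPorts\\List$', re.I)


@dataclass(frozen=True)
class PortException:
    profile: str      # DomainProfile or StandardProfile
    port: int
    protocol: str     # TCP or UDP
    scope: str        # "*" means any source address
    enabled: bool
    rule_name: str


def parse_otl(text):
    """Return (port_exceptions, installed_display_names) found in an OTL log."""
    exceptions, installed = [], []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key or log section header
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        data = match.group("data").strip()
        profile = PROFILE_RE.search(section)
        if profile:
            # Value layout: port:protocol:scope:status:name. Split at most
            # four times so a colon inside the rule name is preserved.
            parts = data.split(":", 4)
            if len(parts) != 5 or not parts[0].isdigit():
                continue                  # malformed entry: skip, do not guess
            port, proto, scope, status, name = parts
            exceptions.append(PortException(
                profile.group("profile"), int(port), proto.upper(), scope,
                status.lower() == "enabled", name.strip()))
        elif section.lower().endswith(r"\currentversion\uninstall"):
            installed.append(data)
    return exceptions, installed


def triage(exceptions, installed):
    """List enabled exceptions that deserve review, merged across profiles."""
    names = [n.casefold() for n in installed if n]
    merged = {}
    for exc in exceptions:
        if not exc.enabled:
            continue
        key = (exc.port, exc.protocol, exc.rule_name)
        entry = merged.setdefault(key, {"profiles": set(), "reasons": set()})
        entry["profiles"].add(exc.profile)
        if exc.scope == "*":
            entry["reasons"].add("any-source")
        # Heuristic (assumption): a rule belongs to an installed program when
        # the rule name starts with that program's display name.
        if not any(exc.rule_name.casefold().startswith(n) for n in names):
            entry["reasons"].add("orphaned")
    return [
        {"port": port, "protocol": proto, "rule": rule,
         "profiles": sorted(info["profiles"]),
         "reasons": sorted(info["reasons"])}
        for (port, proto, rule), info in sorted(merged.items())
        if info["reasons"]
    ]


if __name__ == "__main__":
    found, programs = parse_otl(SAMPLE_LOG)
    for item in triage(found, programs):
        print("{port}/{protocol} {rule!r} profiles={profiles} "
              "reasons={reasons}".format(**item))
```

An "orphaned" result only means the rule name matched nothing in the uninstall list, so it is a prompt to look at the entry, not proof that the program is gone.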
 
If you can't open the firewall and uncheck these ports, I can remove them. You should also look for any remaining files or folders for that program.

OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 99 C8 92 7D 91 CA 01 [binary data]
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O32 - HKLM CDRom: AutoRun - 1
    [2011/11/09 17:24:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/08 07:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2011/10/30 13:17:40 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\5glfh97s.exe
    [2011/10/20 20:48:59 | 000,000,456 | -H-- | M] () -- C:\ProgramData\YvlzRhbIO74SOK
    [2011/10/20 20:47:56 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~YvlzRhbIO74SOK
    [2011/10/20 20:47:56 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~YvlzRhbIO74SOKr
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    Folder [explore] -- Reg Error: Value error.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" 
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" 
    "conduitEngine" = Conduit Engine 
    "PageRage Toolbar" = PageRage Toolbar  
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=============================================
This needs to be addressed: The Shadow Copy has shut down because 'user has not allowed space'.

Check how much free disk space is available on the system volume in Windows Explorer.
  • Control Panel> System> Advanced System Settings.
  • Select the System Protection Tab.
  • Select the System Drive (usually C:) in the Protection Settings box
  • Click the Configure Button.
  • Use the slider to increase the amount of disk space allocated to System Restore in the Disk Space Usage section
  • When finished, click on Apply> OK.
When the system is clean, I will have you drop the old restore points and set a new clean one.
===========================================
Let's talk about why your system is malware waiting to happen!
1) User 'John' ran 65 appdata from 10/1 - 10/31
2) 7 QuickTime plugins > File size of each: 159744, all on 10/22
3) Running programs like Bandoo
4) No tracking cookie/ad/banner protection
5) TiVo Desktop
 
OTL Quickscan log

OTL logfile created on: 11/12/2011 9:27:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.64% Memory free
4.00 Gb Paging File | 2.76 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 3.73 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive E: | 372.60 Gb Total Space | 110.09 Gb Free Space | 29.55% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
PRC - C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\vsnpstd3.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Program Files\TiVo\Desktop\StlpMt45.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (TivoBeacon2) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe (TiVo Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2011/11/09 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 21:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/12 20:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{69BC47A4-E53D-49C9-A47B-51B0E55FCC72}
[2011/11/12 19:01:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A21E8AE6-C973-4BCC-BF84-9D8B6A752494}
[2011/11/12 07:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA8FCCBB-C9EA-40CC-89DD-8D2FE3BCF73D}
[2011/11/12 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C61BB90B-5B57-4F11-A7FF-EE086B4DA9EE}
[2011/11/12 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4A1E88BD-BDEB-47EA-97C7-92177BC80EC7}
[2011/11/12 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5E1C4190-7309-433F-BF14-1ED266DD32C3}
[2011/11/11 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B66D7BC-A758-4123-BB75-DCD1AD99B23E}
[2011/11/11 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C83EA5DD-780E-47BC-AD8B-50D77A918C7B}
[2011/11/11 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DF0BE7A1-6609-4CFE-947A-88EF7D9FB962}
[2011/11/10 11:02:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A8DD5EF4-1A9A-4AD2-86E5-3E05F60AE884}
[2011/11/10 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10B2AD0B-FB64-4441-AECA-2BA504F133A9}
[2011/11/10 10:56:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{40BE500D-F7FE-4529-9E49-D21666C4496A}
[2011/11/09 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{995A56EF-403F-449C-B757-E6DE40E1C088}
[2011/11/09 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DA2AC36C-E54C-4669-9009-DFB3240D3181}
[2011/11/09 17:21:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 15:26:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/09 08:00:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{77939C0A-81EC-4E65-A58D-E30834519804}
[2011/11/09 08:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EC89AD70-BB73-48C5-AEF7-3CCD49BB1310}
[2011/11/09 08:00:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE654CD0-7117-48B4-9527-5BA8CD52198D}
[2011/11/09 08:00:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D8C8BD09-20FE-41EB-8310-F81E3BB82E76}
[2011/11/08 09:44:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0C985395-FCD7-4244-B7E1-15709143D0B7}
[2011/11/08 09:44:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8153CCAD-5A8C-4B1A-A1A9-884A0B9ED6BA}
[2011/11/08 07:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2011/11/07 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3FDB5DD1-C34C-4F73-AC3A-1CE6A7AC6309}
[2011/11/07 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15A5168C-6558-49BD-9622-C185165A1E84}
[2011/11/07 09:43:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{55F46E37-66DC-4E0B-81A1-A1136A1907BF}
[2011/11/06 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4FBE5F64-05B6-41B7-9925-2725581C522C}
[2011/11/06 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15C2C7C2-7445-4D37-BCF0-EF9B1BA524CB}
[2011/11/06 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/06 17:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/06 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{258CB69A-04D0-4D76-94FC-BA7538C51842}
[2011/11/06 09:41:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7D573364-4167-40D6-A71F-FDEB7FB86DAD}
[2011/11/05 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{106DD746-5BD5-4AFC-B2C7-9CF410036206}
[2011/11/05 21:40:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{900D297C-8AB2-40BB-A6E5-6E0A3BEFD6DD}
[2011/11/05 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CBFE04A4-8EA3-478B-810B-DD8F87B7E43D}
[2011/11/05 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDBD2BBD-2340-41F6-BF68-211C49E76033}
[2011/11/05 13:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:57:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C55D1DD3-C7E3-477D-8C9E-089969D5E6A3}
[2011/11/05 07:56:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDD5611E-BE52-4703-B719-2C25FAA30B06}
[2011/11/05 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F9D1E7F-8838-48C4-863A-9700C90B8A4D}
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011/10/31 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\TurboTax
[2011/10/31 15:41:49 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:49:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/31 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{E6FF941F-06D0-4A50-9513-333D263A386C}
[2011/10/31 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5958497D-ADAD-4D25-8D02-A4FC886DF598}
[2011/10/30 10:01:53 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bootkit_remover
[2011/10/30 10:01:25 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:53:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/30 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C45AB9A6-0240-4BF4-8254-F1A2A183B485}
[2011/10/30 09:11:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{755C0C83-ADF5-4792-B7D2-3FEC0C0F6689}
[2011/10/29 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D6C8C450-F1EC-4BB3-B068-DA85DB9A26D3}
[2011/10/29 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07FF8BE1-A8FE-4F4D-94E9-0F288C7C9E21}
[2011/10/29 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{57E21ACE-9E96-4E51-BFF3-F959F76C665D}
[2011/10/29 06:58:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8F33B3F3-1E51-47F6-9F9D-71621120354A}
[2011/10/28 18:57:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6CC01C18-2E1F-4933-9861-57E6B3726B48}
[2011/10/28 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3D680668-D658-4FE4-8200-0BDE762B3A51}
[2011/10/28 06:56:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{103BD07D-31D4-4E43-9BEF-A49367B3B927}
[2011/10/28 06:56:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{61F2241C-0343-47E3-85AB-650287A91D25}
[2011/10/27 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C38FC954-78B5-4C57-A131-441CD9CA31D8}
[2011/10/27 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{06A6D127-FA0B-4C62-893C-E510026DDE3A}
[2011/10/27 06:10:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C86794CF-1FC3-4561-9570-96C1A1671C0F}
[2011/10/27 06:10:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{78A531AB-2C75-416B-B8F2-84C63ABF7C3D}
[2011/10/26 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B78D9E0-49BD-45DA-A1B8-0F1C5119541C}
[2011/10/26 18:09:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA3DB2EC-9475-4ABD-B33A-21E50C28098D}
[2011/10/26 06:09:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2542908E-D4D7-4338-94C0-F46EBAF73356}
[2011/10/26 06:08:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8627EA74-9A73-42DB-AAEC-7BED9C9D2000}
[2011/10/26 06:08:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FFBE2B2D-1700-4D47-967D-1F2F70ACB502}
[2011/10/26 06:08:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AF8B243C-F9D4-46CA-8451-8998AFE4C0C8}
[2011/10/25 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{20B27EC2-5BC4-4666-B674-9927ADDC6AEB}
[2011/10/25 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FCA695B5-F96B-478D-9A70-9988B488C324}
[2011/10/25 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/10/25 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/25 15:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/25 15:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/25 15:41:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 06:07:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA546490-C10A-4409-A69C-EA6C7C3D900D}
[2011/10/25 06:07:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BBDC40BE-020B-4815-8A6E-53C8F7C9B28F}
[2011/10/25 06:06:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{70B645DC-775C-4B06-9C3B-D7335BCB44FD}
[2011/10/25 06:06:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{44E59FCD-0732-4D4C-B492-C5ACE393BEB2}
[2011/10/24 08:02:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6EDE0F1F-F493-422D-9FEF-98EC9E41FB5A}
[2011/10/24 08:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0D0E38E2-9688-4E90-9325-195E357111F3}
[2011/10/23 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B352F5C9-6F13-432C-BFFA-76DD02C145CC}
[2011/10/23 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A32D6A7F-0176-46FB-857F-9429B8204F8E}
[2011/10/23 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA9C61BB-B71A-4A01-8D67-351CE7BBEA60}
[2011/10/23 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10308935-7290-48B5-B1F4-92F202C7C8FF}
[2011/10/23 13:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/23 05:41:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD624341-0269-4C12-AFB5-28E7D311577B}
[2011/10/23 05:41:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{74C4707D-F0E6-481A-B909-38DDC4B60961}
[2011/10/22 10:16:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9C157157-4D7D-4FD4-B207-C7E1081894BB}
[2011/10/22 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B29ACD72-9A68-4DEA-988B-1684CF1897D0}
[2011/10/22 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF911891-B2D8-4D4E-A9B9-71EBA2C46F88}
[2011/10/21 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/21 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/21 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/21 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{94EB172A-8EE6-4910-84D3-8785C49F0FB9}
[2011/10/21 19:48:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EA227192-9E0C-4418-A10C-A6A4E9783FDB}
[2011/10/20 22:57:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 22:57:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 22:57:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 22:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 22:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 22:19:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF3DEC86-FB1F-4686-BA8C-AADB55197A86}
[2011/10/20 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE3132B7-1BB1-4B4F-BF48-B3405C78C256}
[2011/10/20 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{00BC2FB7-0621-4BC0-9F53-839A853BD34F}
[2011/10/20 09:10:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95BEE55A-BA96-4EA9-BA58-525DAB1DF664}
[2011/10/20 09:10:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7EE83231-AE47-4AD5-BF24-DAEBF6148A3E}
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/12 21:31:28 | 000,626,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/12 21:31:28 | 000,107,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/12 21:25:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/12 21:25:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/12 21:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/12 21:24:59 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 20:54:58 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 07:27:54 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 07:27:54 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 11:02:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 03:24:47 | 000,414,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/09 15:23:34 | 000,879,555 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/05 08:02:22 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:42:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/30 09:54:49 | 002,565,464 | ---- | M] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 09:54:40 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:54:19 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/29 05:31:05 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/27 13:17:43 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/25 15:42:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 15:35:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 13:01:07 | 000,001,240 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/11/09 15:23:34 | 000,879,555 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/30 10:01:25 | 002,565,464 | ---- | C] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 10:01:24 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/25 15:42:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 13:01:07 | 000,001,240 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/20 22:57:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 22:57:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 22:57:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 22:57:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 22:57:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/06/27 12:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/19 17:49:20 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2011/06/11 07:16:26 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/11 06:54:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/05 17:04:12 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/20 20:26:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/20 20:24:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/21 19:50:52 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/21 19:50:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/21 19:50:52 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/21 19:50:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/21 19:50:52 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/21 19:50:52 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/21 19:50:52 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/21 19:50:52 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/21 19:50:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/21 19:50:52 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/21 19:50:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/21 19:50:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/21 19:48:52 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/02 19:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/08 15:05:06 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2010/01/19 09:31:10 | 000,007,609 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/01/09 22:27:45 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/01/09 22:27:45 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,816 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2010/04/21 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
[2011/04/03 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnvSoft
[2011/05/08 07:53:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/10/17 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2011/09/10 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bandoo
[2011/02/21 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Epson
[2010/06/06 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Facebook
[2010/05/10 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2011/02/21 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leader Technologies
[2011/02/21 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2010/05/25 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\nomp
[2011/04/03 18:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
[2010/10/10 09:47:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Opera
[2011/11/06 19:06:21 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
 
follow-up

Performed update to System Restore as suggested...

Per comments related to malware, see notes/questions...
1)User 'John' ran 65 appdata from 10/1- 10/31
-not sure how this was generated???
2) 7 QuickTime plugins> Files size of each: 159744, all on 10/22
-same as above, anything I can do to address?
3) Running program like Bandoo:
-removed as noted previously..
4) no Tracking Cookie/ad/banner protection
-any recommendations? Does SpyBot do this, or MSE?
5) TiVo Desktop
-I can remove this if necessary, only use occasionally.

Let me know your take on the above log, hopefully making progress. Thanks!
 
A few questions & comments:

1. Is this your work computer?
2. Are you connecting remotely?
1)User 'John' ran 65 appdata from 10/1- 10/31
-not sure how this was generated???
3. You have about 81 appdatas in the last 30 days. I can't identify them. Do you know what these are? A few of the examples:
[2011/11/12 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{69BC47A4-E53D-49C9-A47B-51B0E55FCC72}
[2011/11/12 19:01:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A21E8AE6-C973-4BCC-BF84-9D8B6A752494}
[2011/11/12 07:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA8FCCBB-C9EA-40CC-89DD-8D2FE3BCF73D}
[2011/11/12 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C61BB90B-5B57-4F11-A7FF-EE086B4DA9EE}
[2011/11/12 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4A1E88BD-BDEB-47EA-97C7-92177BC80EC7}
[2011/11/12 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5E1C4190-7309-433F-BF14-1ED266DD32C3}
[2011/11/11 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B66D7BC-A758-4123-BB75-DCD1AD99B23E}
[2011/11/11 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C83EA5DD-780E-47BC-AD8B-50D77A918C7B}
[2011/11/11 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DF0BE7A1-6609-4CFE-947A-88EF7D9FB962}
They seem to be increasing.
4. I have noted several cleaning-type scan processes on the system. I didn't have you run them and the date indicates it was after we started:
C:\Users\John\Desktop\bootkit_remover.zip> 10/30
C:\Users\John\Desktop\aswMBR.exe> 10/27
C:\Users\John\Desktop\NTBR_CD.exe> BurnItCD.cmd 10/30

It also appears that you ran ComboFix, but did not uninstall it per instructions before running the ComboFix I gave you:
Completion time: 2011-10-31 18:06:06
ComboFix-quarantined-files.txt 2011-10-31 23:05
ComboFix2.txt 2011-10-21 06:15

It may be that some of the processes showing in the Qoobox were removed in the run on 10/21.
==============================================
OTL Custom Scan Fixes

  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    :KillAllProcesses
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Bandoo (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2010/05/10 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
    [2011/04/03 18:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
    [2011/09/10 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bandoo
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=========================================
Please update the Adobe Reader to v10: Visit this Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
 
Questions follow-up

1. No, this is not a work computer...as you may have guessed with the various accounts, it's a family computer with various activities by kids and adults.

2. Me connecting remotely to this PC, or from this PC...not certain exactly what you're asking? Irrespective, I am doing neither myself. Earlier in the year, I would use this PC to connect to a remote VPN on occasion, but have not done this for over 3 months.

3. I do see these AppData entries, have no idea what they are. They are all zero byte directories with no files found within. Is there any way to look at these items to make a determination of their source? Other than the work I'm doing with you, I'm not really using this PC for any purpose...so these AppData entries are suspicious because I don't think there's any activity that I've undertaken that would generate such folders.

4. Before I started with you, I did make various attempts to cure the PC, with no success. Could this be what you're seeing? Do I need to address anything here?

Now I will carry out the OTL script as you've suggested and post the log. Thanks!
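An added example, not written by either poster: one way to turn the GUID-named AppData\Local folders discussed in point 3 into a timeline is to parse the OTL "Created Within 30 Days" lines and group the empty `{GUID}` directories into bursts. The log lines are copied from the logs in this thread; the function names and the 60-second gap threshold are assumptions. The result shows when the folders appear, not which program creates them.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2011/11/13 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D737F357-864F-497F-8B84-A56F86E6763E}
[2011/11/13 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AE873068-CA4C-45A0-B2EA-57D55013088A}
[2011/11/13 13:01:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B98FFB27-66D9-4E8D-8699-68E7721479DC}
[2011/11/13 13:00:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6D8DDA63-101D-4B5C-96FC-3E70E269343F}
[2011/11/12 21:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/12 20:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{69BC47A4-E53D-49C9-A47B-51B0E55FCC72}
[2011/11/12 19:01:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A21E8AE6-C973-4BCC-BF84-9D8B6A752494}
[2011/11/12 07:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA8FCCBB-C9EA-40CC-89DD-8D2FE3BCF73D}
[2011/11/12 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C61BB90B-5B57-4F11-A7FF-EE086B4DA9EE}
[2011/11/12 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4A1E88BD-BDEB-47EA-97C7-92177BC80EC7}
[2011/11/12 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5E1C4190-7309-433F-BF14-1ED266DD32C3}
[2011/11/11 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B66D7BC-A758-4123-BB75-DCD1AD99B23E}
[2011/11/11 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C83EA5DD-780E-47BC-AD8B-50D77A918C7B}
[2011/11/11 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DF0BE7A1-6609-4CFE-947A-88EF7D9FB962}
[2011/11/10 11:02:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A8DD5EF4-1A9A-4AD2-86E5-3E05F60AE884}
[2011/11/10 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10B2AD0B-FB64-4441-AECA-2BA504F133A9}
[2011/11/10 10:56:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{40BE500D-F7FE-4529-9E49-D21666C4496A}
[2011/11/09 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{995A56EF-403F-449C-B757-E6DE40E1C088}
[2011/11/09 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DA2AC36C-E54C-4669-9009-DFB3240D3181}
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Final path component is a brace-wrapped GUID.
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_entries(text):
    """Parse OTL file/folder lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],
            "kind": m["kind"],
            "path": m["path"].strip(),
        })
    return entries


def guid_dirs(entries):
    """Keep created, zero-size directories whose name is a bare GUID."""
    return [e for e in entries
            if e["kind"] == "C" and "D" in e["attr"]
            and e["size"] == 0 and GUID_DIR_RE.search(e["path"])]


def bursts(entries, max_gap_seconds=60):
    """Group entries, oldest first, into runs whose neighbours are <= max_gap apart."""
    groups = []
    for e in sorted(entries, key=lambda x: x["time"]):
        if groups and e["time"] - groups[-1][-1]["time"] <= timedelta(seconds=max_gap_seconds):
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def per_day(entries):
    """Count entries per calendar day to show whether the total is growing."""
    return Counter(e["time"].strftime("%Y-%m-%d") for e in entries)


if __name__ == "__main__":
    dirs = guid_dirs(parse_entries(SAMPLE_LOG))
    for group in bursts(dirs):
        span = (group[-1]["time"] - group[0]["time"]).seconds
        print(f"{group[0]['time']}  {len(group)} folders in {span}s")
    print(dict(sorted(per_day(dirs).items())))
```

Each burst start time can then be compared against scheduled tasks, logon times and program launches on the machine to narrow down the source.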
 
OTL Log

OTL logfile created on: 11/13/2011 7:45:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.92% Memory free
4.00 Gb Paging File | 2.89 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 4.02 Gb Free Space | 2.69% Space Free | Partition Type: NTFS
Drive E: | 372.60 Gb Total Space | 110.09 Gb Free Space | 29.55% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
PRC - C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\vsnpstd3.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Program Files\TiVo\Desktop\StlpMt45.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (TivoBeacon2) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe (TiVo Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2011/11/09 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D737F357-864F-497F-8B84-A56F86E6763E}
[2011/11/13 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AE873068-CA4C-45A0-B2EA-57D55013088A}
[2011/11/13 13:01:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B98FFB27-66D9-4E8D-8699-68E7721479DC}
[2011/11/13 13:00:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6D8DDA63-101D-4B5C-96FC-3E70E269343F}
[2011/11/12 21:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/12 20:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{69BC47A4-E53D-49C9-A47B-51B0E55FCC72}
[2011/11/12 19:01:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A21E8AE6-C973-4BCC-BF84-9D8B6A752494}
[2011/11/12 07:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA8FCCBB-C9EA-40CC-89DD-8D2FE3BCF73D}
[2011/11/12 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C61BB90B-5B57-4F11-A7FF-EE086B4DA9EE}
[2011/11/12 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4A1E88BD-BDEB-47EA-97C7-92177BC80EC7}
[2011/11/12 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5E1C4190-7309-433F-BF14-1ED266DD32C3}
[2011/11/11 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B66D7BC-A758-4123-BB75-DCD1AD99B23E}
[2011/11/11 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C83EA5DD-780E-47BC-AD8B-50D77A918C7B}
[2011/11/11 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DF0BE7A1-6609-4CFE-947A-88EF7D9FB962}
[2011/11/10 11:02:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A8DD5EF4-1A9A-4AD2-86E5-3E05F60AE884}
[2011/11/10 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10B2AD0B-FB64-4441-AECA-2BA504F133A9}
[2011/11/10 10:56:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{40BE500D-F7FE-4529-9E49-D21666C4496A}
[2011/11/09 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{995A56EF-403F-449C-B757-E6DE40E1C088}
[2011/11/09 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DA2AC36C-E54C-4669-9009-DFB3240D3181}
[2011/11/09 17:21:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 15:26:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/09 08:00:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{77939C0A-81EC-4E65-A58D-E30834519804}
[2011/11/09 08:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EC89AD70-BB73-48C5-AEF7-3CCD49BB1310}
[2011/11/09 08:00:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE654CD0-7117-48B4-9527-5BA8CD52198D}
[2011/11/09 08:00:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D8C8BD09-20FE-41EB-8310-F81E3BB82E76}
[2011/11/08 09:44:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0C985395-FCD7-4244-B7E1-15709143D0B7}
[2011/11/08 09:44:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8153CCAD-5A8C-4B1A-A1A9-884A0B9ED6BA}
[2011/11/08 07:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2011/11/07 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3FDB5DD1-C34C-4F73-AC3A-1CE6A7AC6309}
[2011/11/07 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15A5168C-6558-49BD-9622-C185165A1E84}
[2011/11/07 09:43:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{55F46E37-66DC-4E0B-81A1-A1136A1907BF}
[2011/11/06 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4FBE5F64-05B6-41B7-9925-2725581C522C}
[2011/11/06 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{15C2C7C2-7445-4D37-BCF0-EF9B1BA524CB}
[2011/11/06 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/06 17:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/06 17:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/06 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{258CB69A-04D0-4D76-94FC-BA7538C51842}
[2011/11/06 09:41:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7D573364-4167-40D6-A71F-FDEB7FB86DAD}
[2011/11/05 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{106DD746-5BD5-4AFC-B2C7-9CF410036206}
[2011/11/05 21:40:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{900D297C-8AB2-40BB-A6E5-6E0A3BEFD6DD}
[2011/11/05 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CBFE04A4-8EA3-478B-810B-DD8F87B7E43D}
[2011/11/05 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDBD2BBD-2340-41F6-BF68-211C49E76033}
[2011/11/05 13:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:57:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C55D1DD3-C7E3-477D-8C9E-089969D5E6A3}
[2011/11/05 07:56:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FDD5611E-BE52-4703-B719-2C25FAA30B06}
[2011/11/05 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6F9D1E7F-8838-48C4-863A-9700C90B8A4D}
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2011/11/02 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011/10/31 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\TurboTax
[2011/10/31 15:41:49 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:49:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/31 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{E6FF941F-06D0-4A50-9513-333D263A386C}
[2011/10/31 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5958497D-ADAD-4D25-8D02-A4FC886DF598}
[2011/10/30 10:01:53 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bootkit_remover
[2011/10/30 10:01:25 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:53:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/30 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C45AB9A6-0240-4BF4-8254-F1A2A183B485}
[2011/10/30 09:11:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{755C0C83-ADF5-4792-B7D2-3FEC0C0F6689}
[2011/10/29 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D6C8C450-F1EC-4BB3-B068-DA85DB9A26D3}
[2011/10/29 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{07FF8BE1-A8FE-4F4D-94E9-0F288C7C9E21}
[2011/10/29 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{57E21ACE-9E96-4E51-BFF3-F959F76C665D}
[2011/10/29 06:58:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8F33B3F3-1E51-47F6-9F9D-71621120354A}
[2011/10/28 18:57:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6CC01C18-2E1F-4933-9861-57E6B3726B48}
[2011/10/28 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3D680668-D658-4FE4-8200-0BDE762B3A51}
[2011/10/28 06:56:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{103BD07D-31D4-4E43-9BEF-A49367B3B927}
[2011/10/28 06:56:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{61F2241C-0343-47E3-85AB-650287A91D25}
[2011/10/27 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C38FC954-78B5-4C57-A131-441CD9CA31D8}
[2011/10/27 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{06A6D127-FA0B-4C62-893C-E510026DDE3A}
[2011/10/27 06:10:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C86794CF-1FC3-4561-9570-96C1A1671C0F}
[2011/10/27 06:10:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{78A531AB-2C75-416B-B8F2-84C63ABF7C3D}
[2011/10/26 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3B78D9E0-49BD-45DA-A1B8-0F1C5119541C}
[2011/10/26 18:09:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA3DB2EC-9475-4ABD-B33A-21E50C28098D}
[2011/10/26 06:09:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2542908E-D4D7-4338-94C0-F46EBAF73356}
[2011/10/26 06:08:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8627EA74-9A73-42DB-AAEC-7BED9C9D2000}
[2011/10/26 06:08:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FFBE2B2D-1700-4D47-967D-1F2F70ACB502}
[2011/10/26 06:08:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AF8B243C-F9D4-46CA-8451-8998AFE4C0C8}
[2011/10/25 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{20B27EC2-5BC4-4666-B674-9927ADDC6AEB}
[2011/10/25 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FCA695B5-F96B-478D-9A70-9988B488C324}
[2011/10/25 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/10/25 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/25 15:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/25 15:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/25 15:41:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 06:07:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA546490-C10A-4409-A69C-EA6C7C3D900D}
[2011/10/25 06:07:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BBDC40BE-020B-4815-8A6E-53C8F7C9B28F}
[2011/10/25 06:06:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{70B645DC-775C-4B06-9C3B-D7335BCB44FD}
[2011/10/25 06:06:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{44E59FCD-0732-4D4C-B492-C5ACE393BEB2}
[2011/10/24 08:02:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6EDE0F1F-F493-422D-9FEF-98EC9E41FB5A}
[2011/10/24 08:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0D0E38E2-9688-4E90-9325-195E357111F3}
[2011/10/23 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B352F5C9-6F13-432C-BFFA-76DD02C145CC}
[2011/10/23 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A32D6A7F-0176-46FB-857F-9429B8204F8E}
[2011/10/23 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{BA9C61BB-B71A-4A01-8D67-351CE7BBEA60}
[2011/10/23 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{10308935-7290-48B5-B1F4-92F202C7C8FF}
[2011/10/23 13:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/23 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/23 05:41:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AD624341-0269-4C12-AFB5-28E7D311577B}
[2011/10/23 05:41:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{74C4707D-F0E6-481A-B909-38DDC4B60961}
[2011/10/22 10:16:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9C157157-4D7D-4FD4-B207-C7E1081894BB}
[2011/10/22 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B29ACD72-9A68-4DEA-988B-1684CF1897D0}
[2011/10/22 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF911891-B2D8-4D4E-A9B9-71EBA2C46F88}
[2011/10/21 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/21 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/21 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/21 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/21 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{94EB172A-8EE6-4910-84D3-8785C49F0FB9}
[2011/10/21 19:48:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EA227192-9E0C-4418-A10C-A6A4E9783FDB}
[2011/10/20 22:57:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 22:57:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 22:57:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 22:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 22:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 22:19:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF3DEC86-FB1F-4686-BA8C-AADB55197A86}
[2011/10/20 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CE3132B7-1BB1-4B4F-BF48-B3405C78C256}
[2011/10/20 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{00BC2FB7-0621-4BC0-9F53-839A853BD34F}
[2011/10/20 09:10:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{95BEE55A-BA96-4EA9-BA58-525DAB1DF664}
[2011/10/20 09:10:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7EE83231-AE47-4AD5-BF24-DAEBF6148A3E}
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/13 19:50:28 | 000,626,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 19:50:28 | 000,107,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/13 19:43:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 19:43:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/13 19:43:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 19:43:15 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 18:54:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 21:49:17 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 21:49:17 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 11:02:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/11/10 03:24:47 | 000,414,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/09 15:23:34 | 000,879,555 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/05 08:02:22 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2011/10/31 12:42:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2011/10/30 09:54:49 | 002,565,464 | ---- | M] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 09:54:40 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/10/30 09:54:19 | 000,044,607 | ---- | M] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/29 05:31:05 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/27 13:17:43 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2011/10/25 15:42:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 15:35:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 13:01:07 | 000,001,240 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/11/09 15:23:34 | 000,879,555 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/11/06 17:24:35 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/30 10:01:25 | 002,565,464 | ---- | C] () -- C:\Users\John\Desktop\NTBR_CD.exe
[2011/10/30 10:01:24 | 000,044,607 | ---- | C] () -- C:\Users\John\Desktop\bootkit_remover.zip
[2011/10/25 15:42:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 13:01:07 | 000,001,240 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/23 13:01:07 | 000,001,216 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2011/10/21 20:18:59 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 20:14:13 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/20 22:57:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 22:57:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 22:57:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 22:57:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 22:57:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/06/27 12:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/19 17:49:20 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2011/06/11 07:16:26 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/11 06:54:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/05 17:04:12 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/20 20:26:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/20 20:24:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/21 19:50:52 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/21 19:50:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/21 19:50:52 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/21 19:50:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/21 19:50:52 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/21 19:50:52 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/21 19:50:52 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/21 19:50:52 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/21 19:50:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/21 19:50:52 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/21 19:50:52 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/21 19:50:52 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/21 19:50:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/21 19:50:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/21 19:48:52 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/02 19:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/08 15:05:06 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2010/01/19 09:31:10 | 000,007,609 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/01/09 22:27:45 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/01/09 22:27:45 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,816 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2010/04/21 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
[2011/04/03 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnvSoft
[2011/05/08 07:53:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/10/17 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2011/09/10 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bandoo
[2011/02/21 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Epson
[2010/06/06 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Facebook
[2010/05/10 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2011/02/21 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leader Technologies
[2011/02/21 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2010/05/25 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\nomp
[2011/04/03 18:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy
[2010/10/10 09:47:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Opera
[2011/11/06 19:06:21 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
 
OTL Run Fix post boot log

Not sure if this is helpful, but thought I would supply, let me know...


All processes killed
========== OTL ==========
Error: Unable to interpret <:KillAllProcesses> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs => in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = > in the current context!
Error: Unable to interpret <CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll> in the current context!
Error: Unable to interpret <CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll> in the current context!
Error: Unable to interpret <CHR - plugin: Bandoo (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePl ugin.dll> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <[2010/05/10 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit> in the current context!
Error: Unable to interpret <[2011/04/03 18:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenCandy> in the current context!
Error: Unable to interpret <[2011/09/10 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bandoo> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elisa
->Temp folder emptied: 5174 bytes
->Temporary Internet Files folder emptied: 243976134 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 254691954 bytes
->Flash cache emptied: 29373 bytes

User: Jack
->Temp folder emptied: 6903 bytes
->Temporary Internet Files folder emptied: 589893989 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10519823 bytes
->Flash cache emptied: 543427 bytes

User: John
->Temp folder emptied: 4157648 bytes
->Temporary Internet Files folder emptied: 102114838 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 30165626 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rina
->Temp folder emptied: 49985 bytes
->Temporary Internet Files folder emptied: 75295735 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 27171588 bytes
->Flash cache emptied: 167170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12770 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,277.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Elisa
->Flash cache emptied: 0 bytes

User: Jack
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: Public

User: Rina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11132011_193557

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
AppData folders explained?

I did some research on the random AppData folders that seem to spawn regularly...here's what I found from the following link - http://www.howtonew.com/empty-folders-on-the-appdata-folder-with-random-names-what-are-those

These folders, located specifically on “X:\Users\USER\AppData\Local\”, are empty and have random names, and if you don’t want to risk messing with the AppData folder, let me tell you that is completely safe to delete these folders.
These are created every time we open any Windows Live service (Messenger, Writer, Mail…), or at least it happens from the Version 2011 (Build 15.4.3508.1109) to latest, Version 2011 (Build 15.4.3538.513).


I have Windows Live Messenger associated with my user account, so this explanation seems to make some sense. Let me know if you agree. TIA!
 
Nice find! I'm not sure those are from Windows Live though, although they do tend to string out. But it seems to me that last time I saw those entries, 'Windows Live' was somewhere in the entry.

The App Data are hidden: open Windows Explorer: right click on Start> Explore
Show Hidden Files and Folders in Windows Vista and Windows 7:
  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known file types
  • Click Apply then click OK

Follow the path opening the 'tree' from Local Drive(C)> your user account> Docs Settings> AppData> right click> Delete the files.

Please be sure to go back to Folder Options> View tab> Check 'don't show hidden files and folders'> Check 'hide protected system files (Recommended)'> Apply> OK.
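A triage helper for the "Files/Folders - Created Within 30 Days" section discussed above, as an added example that is not part of the original posts or of OTL: it parses that section's line format and groups the GUID-named `AppData\Local` directories into creation bursts so their cadence is visible. The sample lines are an excerpt copied from the log in this thread; the 60-second burst window and all function names are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Excerpt copied from the OTL log posted in this thread (not the full section).
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D737F357-864F-497F-8B84-A56F86E6763E}
[2011/11/13 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AE873068-CA4C-45A0-B2EA-57D55013088A}
[2011/11/13 13:01:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B98FFB27-66D9-4E8D-8699-68E7721479DC}
[2011/11/13 13:00:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6D8DDA63-101D-4B5C-96FC-3E70E269343F}
[2011/11/12 21:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/12 20:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{69BC47A4-E53D-49C9-A47B-51B0E55FCC72}
[2011/11/12 19:01:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A21E8AE6-C973-4BCC-BF84-9D8B6A752494}
[2011/11/12 07:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AA8FCCBB-C9EA-40CC-89DD-8D2FE3BCF73D}
[2011/11/12 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C61BB90B-5B57-4F11-A7FF-EE086B4DA9EE}
[2011/11/12 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4A1E88BD-BDEB-47EA-97C7-92177BC80EC7}
[2011/11/12 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{5E1C4190-7309-433F-BF14-1ED266DD32C3}
[2011/11/10 11:02:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# A directory directly under a user's AppData\Local whose whole name is a braced GUID.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)

Entry = namedtuple("Entry", "created size attrs kind company path")


def parse_entries(text):
    """Return an Entry for every file/folder line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def guid_folders(entries):
    """Keep only directories (D attribute) named as a GUID under AppData\\Local."""
    return [e for e in entries if "D" in e.attrs and GUID_DIR_RE.search(e.path)]


def group_bursts(folders, max_gap=timedelta(seconds=60)):
    """Group folders whose creation times are at most max_gap apart (assumed window)."""
    bursts = []
    for e in sorted(folders, key=lambda e: e.created):
        if bursts and e.created - bursts[-1][-1].created <= max_gap:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


def burst_intervals_hours(bursts):
    """Hours between the start of each burst and the start of the next one."""
    starts = [b[0].created for b in bursts]
    return [round((b - a).total_seconds() / 3600, 1) for a, b in zip(starts, starts[1:])]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    bursts = group_bursts(guid_folders(entries))
    for b in bursts:
        print(f"{b[0].created}  {len(b)} GUID folder(s) within "
              f"{(b[-1].created - b[0].created).seconds}s")
    print("hours between bursts:", burst_intervals_hours(bursts))
```

The log lists every directory with size 000,000,000, so this output shows when the folders appeared, not whether they are empty or which process created them.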
 
Will do, but still have problems...

Addressing the AppData folders does not resolve the viruses, etc. that still seem to have quite a grip on my PC. I still have the search engine redirect issue that I started with, and other strange system behaviors. Are you seeing any evidence of remaining issues in the most recent logs? TIA!
 
Things seemed to be improving as we ran the various scripts, but eventually after time the system degrades back to its original condition with redirect issues and occasional bsod, just as before. Again, do the logs indicate anything?
 
Please run the following:

Download Security Check by screen317 from one of these links:
Link1
Link 2
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=================================

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=========================================
I may refer you over to the forum for the BSOD.
This doesn't make much sense.
 
checkup.txt file...

Results of screen317's Security Check version 0.99.28
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG PC Tuneup 2011
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
Adobe Reader 9 (Adobe Reader out of date!)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
CKScanner Log

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal light\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\frameset.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\table - blue\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\frameset.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical frame\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\frameset.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\caption.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\frameset.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\indexpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\subpage.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\thumbnail.htm
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\help\photoshop help.pdf
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\applescript reference guide.pdf
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\javascript reference guide.pdf
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\photoshop scripting guide.pdf
c:\users\john\downloads\photoshop cs2 v9.0 + working keygen\photoshop cs2\technical information\scripting guide\visualbasic reference guide.pdf
scanner sequence 3.ZZ.11.QLAPFI
----- EOF -----
 
photoshop cs2 v9.0 + working keygen

Piracy is not only illegal, it is a straight road to malware. You are also using the keygen to debug the registry. Most probably every time you run it you are getting reinfected.

If you want to continue, all pirated programs will have to be removed from the system. This will include the original program.
===============================================
If you decide to continue after the pirated programs and downloads have been removed, please run the following:
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
Photoshop gone, MGA Diagnostic run

Photoshop has been removed, installed a year ago, rarely used, now gone.

Here is the result of the MGA diagnostic. Note that I am running Windows 7 Ultimate.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PDV8C-82Q2C-Q9TBP
Windows Product Key Hash: fzHr7Qcx4OW59TS+Q2YCOTPoDxY=
Windows Product ID: 00426-948-0228673-85060
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {D3F74755-C1E2-4A80-AA4F-F8A04786352D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office SharePoint Designer 2007 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 7E90FEE8-198-80004005_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D3F74755-C1E2-4A80-AA4F-F8A04786352D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Q9TBP</PKey><PID>00426-948-0228673-85060</PID><PIDType>5</PIDType><SID>S-1-5-21-2370536414-983749384-3936569394</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0706 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090629000000.000000+000</Date></BIOS><HWID>B3E63507018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0017-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office SharePoint Designer 2007</Name><Ver>12</Ver><Val>51B7424B2FBA6AC</Val><Hash>s2Bf1+Qg55cvGflvg5j5lpBe/J8=</Hash><Pid>84883-854-4674786-62350</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>42DA5417F86FEAC</Val><Hash>aJjT03QS8MNE6o59ess+4upGGaY=</Hash><Pid>81599-854-5971992-65194</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="17" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" 
Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-948-022867-00-1033-7600.0000-0092010
Installation ID: 006236940703378566865730280570770124164270099791032483
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: Q9TBP
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 11/23/2011 11:08:49 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:25:2011 20:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAEAAQACAAAAAQABAAEAJJQqthibIhWSANaDBhzeWZqI4lzuwBh5

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 062909 APIC1419
FACP 062909 FACP1419
HPET 062909 OEMHPET0
MCFG 062909 OEMMCFG
OEMB 062909 OEMB1419
SSDT A M I POWERNOW
 
Back