Solved Firefox playing random audio adverts in the background


prydemusic

For a while now I have been suffering from Firefox playing random adverts in the background. I thought nothing of them until they started getting annoyingly longer. I fear it may have something to do with the plugincontainer.exe. Your help would be much appreciated in helping me fix this.
I am currently running Spybot, ZoneAlarm and Avast on my computer and have done numerous scans in different scenarios to try and find the answer, but have had no results.
 
MBAM logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5179

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/11/2010 07:08:22
mbam-log-2010-11-24 (07-08-22).txt

Scan type: Quick scan
Objects scanned: 150815
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 7

Memory Processes Infected:
C:\ProgramData\QueryExplorer\queryexplorer119.exe (Adware.QueryExplorer) -> Unloaded process successfully.
C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files (x86)\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790570b5765d5230af96 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464} (Adware.QueryExplorer) -> Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome (Adware.QueryExplorer) -> Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QueryExplorer (Adware.QueryExplorer) -> Delete on reboot.

Files Infected:
C:\Program Files (x86)\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.
C:\ProgramData\QueryExplorer\queryexplorer119.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.
 
GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-24 08:02:18
Windows 6.1.7600
Running: rix2mb04.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x36 0x0C 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xE1 0x0C 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE7 0x26 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0x9A 0xD5 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x62 0x6A 0xE4 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x36 0x0C 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xE1 0x0C 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE7 0x26 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0x9A 0xD5 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x62 0x6A 0xE4 0xFD ...

---- EOF - GMER 1.0.15 ----
 
DDS

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Joe at 8:04:19.37 on 24/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4091.2107 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\3\3Connect\BecHelperService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joe\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpeedConnectStartUp] C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
mRun: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk.disabled
StartupFolder: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk.disabled
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm
IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: tms.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {29B603D5-4F4C-4335-A44E-FEA16739F6B3} = 8.8.8.8,8.8.4.4
TCP: 244584F6D656845726D213234433 = 8.8.8.8,8.8.4.4
TCP: {3BBC5CEE-EC6B-4572-8CC2-7F068C79F530} = 10.25.24.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-5-25 17776]
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-5-25 124112]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-25 55856]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-23 121936]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-5-25 41072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe [2010-5-18 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-23 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-23 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3\3Connect\BecHelperService.exe [2010-9-2 1737464]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2010-5-25 46448]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2010-5-25 42352]
R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2010-5-25 9968]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2010-5-25 146672]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2010-5-25 35056]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2010-5-25 19824]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2010-5-25 144112]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2010-5-25 135152]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-5-25 63984]
R2 GJService;Game Jackal Server;C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [2010-11-14 3043264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-9-2 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-9-2 823288]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-16 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
R3 MaplomL;MaplomL;C:\Windows\System32\drivers\maploml.sys [2010-11-14 58816]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\Windows\System32\drivers\OEM13Vfx.sys [2007-3-5 12288]
R3 OEM13Vid;Creative Camera OEM013 Driver;C:\Windows\System32\drivers\OEM13Vid.sys [2008-5-28 267296]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1caf8242e21407d;Google Update Service (gupdate1caf8242e21407d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 133104]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-12 1038088]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2010-2-26 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2010-2-26 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-2-26 173056]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-2-26 19456]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2010-11-24 06:37:19 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes
2010-11-24 06:36:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-24 06:36:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-24 06:36:10 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-24 06:36:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-15 06:17:14 -------- d-----w- C:\PROGRA~3\Odeon
2010-11-15 06:17:14 -------- d-----w- C:\Odeon10CombinedDemo
2010-11-15 06:17:08 -------- d-----w- C:\Program Files (x86)\Odeon10CombinedDemo
2010-11-14 02:49:14 -------- d-----w- C:\Users\Joe\AppData\Local\Activision
2010-11-14 02:45:58 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
2010-11-14 02:32:18 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2010-11-14 02:26:42 -------- d-----w- C:\Logs
2010-11-14 02:26:37 58816 ----a-w- C:\Windows\System32\drivers\maploml.sys
2010-11-14 02:26:37 34240 ----a-w- C:\Windows\System32\drivers\maplom.sys
2010-11-14 02:26:35 -------- d-----w- C:\Program Files (x86)\SlySoft
2010-11-13 23:57:10 -------- d-----w- C:\Program Files (x86)\PowerISO
2010-11-04 13:32:11 -------- d-----w- C:\Perl64
2010-11-04 13:25:46 -------- d-----w- C:\wepcrack
2010-11-03 13:22:03 -------- d-----w- C:\aircrack-ng-1.1-win
2010-10-28 03:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\Altova
2010-10-28 03:12:49 -------- d-----w- C:\Program Files (x86)\Altova
2010-10-28 03:12:23 -------- d-----w- C:\PROGRA~3\Altova
2010-10-28 02:32:42 -------- d-----w- C:\Windows\Downloaded Installations
2010-10-25 23:48:17 -------- d-----w- C:\Users\Joe\AppData\Local\FalloutNV
2010-10-25 22:32:20 -------- d-----w- C:\Windows\IswTmp

==================== Find3M ====================

2010-11-24 07:25:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2010-11-24 07:25:51 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2010-10-24 01:05:16 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2010-10-14 01:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 01:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-06 16:15:00 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-06 16:15:00 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-09-27 18:52:35 730480 ----a-w- C:\Windows\SysWow64\Setup.exe
2010-09-27 18:52:09 726384 ----a-w- C:\Windows\SysWow64\AutoRun.exe
2010-09-24 20:02:42 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2010-09-24 20:01:59 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2010-09-22 19:19:02 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2010-09-22 19:19:02 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2010-09-20 15:14:54 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-09-15 16:18:53 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-09-10 02:57:14 282624 ----a-w- C:\Windows\SysWow64\tms.dll
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-06 14:05:54 610304 ----a-r- C:\Windows\SysWow64\XmlSpyLib.dll
2010-09-02 17:25:05 71259 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2010-09-02 08:20:54 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

============= FINISH: 8:05:19.95 ===============
 
DDS attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25/05/2010 13:54:36
System Uptime: 24/11/2010 07:25:18 (1 hours ago)

Motherboard: Dell Inc. | | 0P369J
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2401/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 39.965 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&58CFC51&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&58CFC51&0&01
Service: vwifimp

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02C01028&REV_01\4&1B364FDD&0&02E4
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02C01028&REV_01\4&1B364FDD&0&02E4
Service:

==== System Restore Points ===================

RP114: 14/11/2010 02:32:31 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP115: 14/11/2010 02:43:58 - Installed DirectX
RP116: 17/11/2010 03:00:13 - Windows Update

==== Installed Programs ======================

3Connect
7-Zip 4.65
Acrobat.com
Activision(R)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Manager
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.4.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Altova MissionKit® 2011 for Enterprise XML Developers
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
Battlefield: Bad Company™ 2
BingoLinerUK
Blur(TM)
BufferChm
Call of Duty: Black Ops
Capture NX 2
Connect
Copy
Dell Driver Download Manager
Dell Resource CD
Destinations
DeviceDiscovery
DivX Codec
DivX Setup
DJ_AIO_03_F2200_Software_Min
DJ_SF_06_D1600_SW_Min
EAX Unified
eReg
F2200
Fallout: New Vegas
File Uploader
FileZilla Client 3.3.5
Garmin City Navigator Europe v8
GIMP 2.6.8
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
GUNDAM MOD 3.0
Homeworld2
Hotspot Shield 1.52
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Huawei modem
IDT Audio
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 21
Juiced2_HIN
Junk Mail filter update
King Arthur
kuler
Macromedia FreeHand MXa
Mafia
Mafia II
Mafia II DLC Jimmy's Vendetta
Mafia II Update 1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
mIRC
Mozilla Firefox (3.6.12)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napoleon: Total War
Nikon Message Center
Nikon Transfer
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Notepad++
NVIDIA PhysX
Odeon 10 CombinedDemo (remove only)
openlp.org 1.2.4
OpenOffice.org 3.2
Orca
PC Alarm Clock
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD DX
PowerISO
PunkBuster Services
QuickTime
R.U.S.E. Demo
RarZilla Free Unrar
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
Skype Toolbars
Skype™ 4.2
SkyPlayer for Windows Media Center
SmartWebPrinting
Sniper Ghost Warrior
Sol Survivor
SolutionCenter
Sonic CinePlayer Decoder Pack
SpeedConnect Internet Accelerator v.7.5
Spotify
Spybot - Search & Destroy
Status
Steam
Suite Shared Configuration CS4
The Movies(TM)
The Movies(TM) Stunts & Effects
Toolbox
TrayApp
Trillian
TuneUp Companion 1.8.1
UnloadSupport
VC80CRTRedist - 8.0.50727.4053
VirtualCloneDrive
VLC media player 1.1.4
Vuze
WebReg
Windows Live Essentials
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Xvid 1.2.1 final uninstall
ZionWorx
ZoneAlarm

==== Event Viewer Messages From Past Week ========

24/11/2010 08:04:25, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
24/11/2010 07:26:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu
24/11/2010 07:25:28, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\SCDEmu.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
24/11/2010 07:08:18, Error: Service Control Manager [7034] - The QueryExplorer Service service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 01:34:54, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 0. Please contact your system vendor for technical assistance.
20/11/2010 16:38:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9b0d6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112010-22479-01.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

=====================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
mbr check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 1720
Logical Drives Mask: 0x0001017c

Kernel Drivers (total 230):

Processes (total 83):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
456 csrss.exe
516 C:\Windows\System32\wininit.exe
528 csrss.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
936 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
108 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\stacsv64.exe
1140 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\winlogon.exe
1500 C:\Windows\System32\nvvsvc.exe
1732 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1760 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1240 C:\Windows\System32\spoolsv.exe
1208 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe
1664 C:\Windows\SysWOW64\svchost.exe
2132 C:\Program Files (x86)\3\3Connect\BecHelperService.exe
2188 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2244 C:\Windows\System32\svchost.exe
2272 C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
2324 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
2348 C:\Windows\SysWOW64\svchost.exe
2384 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
2424 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2616 C:\Windows\SysWOW64\PnkBstrA.exe
2640 C:\Windows\SysWOW64\rpcnet.exe
2976 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3000 C:\Windows\System32\svchost.exe
3048 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2532 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3196 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3548 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3588 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3712 C:\Windows\System32\SearchIndexer.exe
3996 C:\Windows\System32\svchost.exe
3636 C:\Windows\System32\sppsvc.exe
2392 C:\Windows\System32\taskhost.exe
4244 C:\Windows\System32\dwm.exe
4272 C:\Windows\explorer.exe
4520 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
4540 C:\Windows\System32\rundll32.exe
4556 C:\Program Files\Logitech\SetPointP\SetPoint.exe
4572 C:\Program Files\IDT\WDM\sttray64.exe
4608 C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
4628 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
4636 C:\Program Files (x86)\Steam\Steam.exe
4832 C:\Windows\OEM13Mon.exe
4852 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4876 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4920 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
4948 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
4992 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
4224 C:\Program Files\Logitech\SetPointG\SetPointII.exe
1996 C:\Windows\System32\svchost.exe
4076 C:\Program Files\Windows Media Player\wmpnetwk.exe
5840 dllhost.exe
5388 C:\Windows\System32\svchost.exe
5572 C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
6028 C:\Windows\SysWOW64\ctfmon.exe
1316 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
5268 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
5992 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3268 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
4516 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
7912 C:\Windows\System32\audiodg.exe
1908 WmiPrvSE.exe
5172 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2100 C:\Program Files\iPod\bin\iPodService.exe
7580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
7436 MpCmdRun.exe
1668 C:\Users\Joe\Downloads\MBRCheck.exe
6092 C:\Windows\System32\conhost.exe
6392 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: FUJITSUMHZ2320BJFFSG2, Rev: 0085001C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2010 at 06:01 PM

Application Version : 4.46.1000

Core Rules Database Version : 5916
Trace Rules Database Version: 3728

Scan type : Complete Scan
Total Scan Time : 00:51:31

Memory items scanned : 350
Memory threats detected : 0
Registry items scanned : 14798
Registry threats detected : 0
File items scanned : 57198
File threats detected : 504

Adware.Tracking Cookie
[omitted - Broni]

Trojan.Agent/Gen-FraudLoad
C:\USERS\JOE\DESKTOP\LEFT 4 DEAD 2\LEFT4DEAD2\SOUND\GLOBE CONVERTER.EXE
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL

OTL logfile created on: 26/11/2010 22:45:29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 41.86 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: JOES-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2010/11/23 16:36:36 | 000,740,144 | ---- | M] (Pinball Corporation.) -- C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSA.exe
PRC - [2010/11/17 04:53:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/10/30 10:17:44 | 003,043,264 | ---- | M] () -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
PRC - [2010/10/29 16:03:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 16:03:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/23 16:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/09/22 23:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/09/22 23:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/09/22 19:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010/09/02 08:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/25 13:14:13 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/05/18 17:38:45 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/06 13:48:40 | 000,603,136 | ---- | M] (CBS Software) -- C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3\3Connect\BecHelperService.exe
PRC - [2009/06/17 11:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/07 16:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM13Mon.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/29 06:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/06/10 21:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 21:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/02 12:26:32 | 000,823,288 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/12 23:01:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/29 21:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/16 01:47:20 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe -- (AESTFilters)
SRV - [2010/11/23 02:09:56 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/10/30 10:17:44 | 003,043,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 16:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/09/22 23:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/09/22 23:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/09/22 19:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/09 10:52:16 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/12 22:59:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 13:14:13 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/05/20 04:47:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/05/18 17:38:45 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/22 19:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010/09/22 19:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/09/07 14:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/02 12:26:10 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/07/12 18:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/25 13:18:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/24 00:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 00:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 00:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 00:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/26 13:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/02/26 13:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/28 12:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/12/17 22:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/10 11:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 11:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/05 13:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/10 02:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/16 01:47:20 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/14 00:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 15:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/28 16:01:00 | 000,267,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV:64bit: - [2007/07/23 14:05:22 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/07/23 14:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/07/23 14:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/07/23 14:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/07/23 14:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/07/23 14:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/07/23 14:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/07/23 14:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/07/23 13:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/07/23 13:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/07/23 13:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2007/07/23 13:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2007/03/05 09:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/03/18 02:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\scdemu.sys -- (SCDEmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 46 1B 73 8C 71 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: cnextend@babelphish.net:1.4.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.624.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/16 10:02:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/28 16:05:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/10/23 16:41:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions [2010/11/26 21:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/15 09:11:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/26 21:59:56 | 000,000,000 | ---D | M]

[2010/05/25 12:59:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2010/11/26 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions
[2010/11/05 16:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/18 21:22:11 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/10/15 15:25:51 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/08/14 10:45:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/05/20 12:49:23 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/07/23 10:03:03 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/11/13 17:18:05 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/11/05 16:37:13 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/10/23 16:40:54 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/10/15 15:25:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/22 07:47:42 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/11/05 16:37:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 15:25:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/10/27 23:57:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/27 18:20:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/12 16:47:39 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\aging-tabs@design-noir.de
[2010/11/05 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\autopager@mozilla.org
[2010/09/03 23:53:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\chromeview@systemantics.net
[2010/08/20 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\cnextend@babelphish.net
[2010/11/05 16:37:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\elemhidehelper@adblockplus.org
[2010/05/23 15:48:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\glasser@sixxgate.com
[2010/06/19 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\piclens@cooliris.com
[2010/06/19 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\piclens@cooliris.com-trash
[2010/05/23 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\safariviewwin@systemantics.net
[2010/11/12 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\SkipScreen@SkipScreen
[2010/11/10 04:25:10 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\smarterwiki@wikiatic.com
[2010/10/30 07:05:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com
[2010/11/24 07:28:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/23 16:42:22 | 000,087,344 | ---- | M] (Pinball Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClickPotatoLiteSA] C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSA.exe (Pinball Corporation.)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpeedConnectStartUp] C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk.disabled ()
O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
O33 - MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 22:43:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickPotatoLiteSA
[2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ClickPotatoLite
[2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClickPotatoLite
[2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/11/25 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/25 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/25 11:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/24 06:37:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2010/11/24 06:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/24 06:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/24 06:36:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 06:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/24 04:46:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Microsoft Office 2007
[2010/11/20 16:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/15 06:17:14 | 000,000,000 | ---D | C] -- C:\Odeon10CombinedDemo
[2010/11/15 06:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Odeon
[2010/11/15 06:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Odeon10CombinedDemo
[2010/11/14 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Activision
[2010/11/14 02:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/11/14 02:26:42 | 000,000,000 | ---D | C] -- C:\Logs
[2010/11/14 02:26:37 | 000,058,816 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maploml.sys
[2010/11/14 02:26:37 | 000,034,240 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maplom.sys
[2010/11/14 02:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2010/11/13 23:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/11/04 13:32:11 | 000,000,000 | ---D | C] -- C:\Perl64
[2010/11/04 13:25:46 | 000,000,000 | ---D | C] -- C:\wepcrack
[2010/11/03 13:22:03 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
[2010/10/28 03:14:47 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Altova
[2010/10/28 03:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Altova
[2010/10/28 03:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Altova
[2010/10/28 03:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Altova
[2010/10/28 02:32:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/11/26 22:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/26 22:16:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/26 22:04:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 22:04:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 18:04:35 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/11/26 18:04:35 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/26 18:04:34 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/11/26 18:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/26 18:04:19 | 3217,256,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/26 18:04:12 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/26 18:04:12 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/11/26 11:46:09 | 000,023,609 | ---- | M] () -- C:\Users\Joe\Desktop\R-31469.tif
[2010/11/26 11:44:29 | 000,779,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/26 11:44:29 | 000,664,572 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/26 11:44:29 | 000,125,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/25 11:43:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/25 11:20:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/24 06:36:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 16:11:33 | 000,000,447 | ---- | M] () -- C:\Users\Joe\Desktop\tcirc.html
[2010/11/21 16:13:09 | 000,000,461 | ---- | M] () -- C:\Users\Joe\Desktop\apply.html
[2010/11/21 15:40:29 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/11/20 16:38:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[2010/11/20 16:38:37 | 555,666,053 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/20 06:45:28 | 000,612,029 | ---- | M] () -- C:\Users\Joe\Desktop\Untitled.png
[2010/11/15 11:40:04 | 000,015,872 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of initial analysis.xls
[2010/11/15 11:39:52 | 000,145,920 | ---- | M] () -- C:\Users\Joe\Desktop\principles of acoustics.doc
[2010/11/15 11:39:23 | 000,019,456 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.xls
[2010/11/15 11:38:05 | 000,115,836 | ---- | M] () -- C:\Users\Joe\Desktop\principles of acoustics.odt
[2010/11/15 11:29:57 | 000,031,203 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.ods
[2010/11/15 06:17:24 | 000,001,071 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Odeon.lnk
[2010/11/15 06:17:24 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Odeon.lnk
[2010/11/15 05:16:50 | 000,029,471 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of initial analysis.ods
[2010/11/14 02:43:34 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
[2010/11/14 02:43:34 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
[2010/11/14 02:33:08 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/11/13 22:13:22 | 001,444,384 | ---- | M] () -- C:\Users\Joe\Desktop\1992-10.pdf
[2010/11/05 02:17:03 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/10/30 10:17:14 | 000,058,816 | ---- | M] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maploml.sys
[2010/10/30 10:16:56 | 000,034,240 | ---- | M] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maplom.sys
[2010/10/29 02:58:56 | 000,039,015 | ---- | M] () -- C:\Users\Joe\Desktop\at-first-i-was-like.jpg
[2010/10/28 03:46:16 | 000,016,917 | ---- | M] () -- C:\Users\Joe\Desktop\sorttable.js
[2010/10/28 03:14:32 | 000,003,077 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SemanticWorks.lnk
[2010/10/28 03:14:32 | 000,003,061 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova StyleVision.lnk
[2010/10/28 03:14:32 | 000,003,059 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SchemaAgent.lnk
[2010/10/28 03:14:32 | 000,003,053 | ---- | M] () -- C:\Users\Public\Desktop\Altova SemanticWorks.lnk
[2010/10/28 03:14:32 | 000,003,037 | ---- | M] () -- C:\Users\Public\Desktop\Altova StyleVision.lnk
[2010/10/28 03:14:32 | 000,003,037 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova MapForce.lnk
[2010/10/28 03:14:32 | 000,003,035 | ---- | M] () -- C:\Users\Public\Desktop\Altova SchemaAgent.lnk
[2010/10/28 03:14:32 | 000,003,033 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova XMLSpy.lnk
[2010/10/28 03:14:32 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Altova MapForce.lnk
[2010/10/28 03:14:32 | 000,003,009 | ---- | M] () -- C:\Users\Public\Desktop\Altova XMLSpy.lnk
[2010/10/28 03:14:32 | 000,002,965 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova DiffDog.lnk
[2010/10/28 03:14:32 | 000,002,941 | ---- | M] () -- C:\Users\Public\Desktop\Altova DiffDog.lnk
[2010/10/28 00:10:24 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/26 11:46:06 | 000,023,609 | ---- | C] () -- C:\Users\Joe\Desktop\R-31469.tif
[2010/11/25 11:43:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/25 11:20:24 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/24 06:36:16 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 16:10:39 | 000,000,447 | ---- | C] () -- C:\Users\Joe\Desktop\tcirc.html
[2010/11/21 15:39:23 | 000,000,461 | ---- | C] () -- C:\Users\Joe\Desktop\apply.html
[2010/11/20 16:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010/11/20 16:38:37 | 555,666,053 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/20 06:45:27 | 000,612,029 | ---- | C] () -- C:\Users\Joe\Desktop\Untitled.png
[2010/11/15 11:40:01 | 000,015,872 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of initial analysis.xls
[2010/11/15 11:39:52 | 000,145,920 | ---- | C] () -- C:\Users\Joe\Desktop\principles of acoustics.doc
[2010/11/15 11:39:15 | 000,019,456 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.xls
[2010/11/15 11:38:03 | 000,115,836 | ---- | C] () -- C:\Users\Joe\Desktop\principles of acoustics.odt
[2010/11/15 06:17:24 | 000,001,071 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Odeon.lnk
[2010/11/15 06:17:24 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Odeon.lnk
[2010/11/15 05:16:22 | 000,031,203 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.ods
[2010/11/14 21:31:11 | 000,029,471 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of initial analysis.ods
[2010/11/14 02:43:34 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
[2010/11/14 02:43:34 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
[2010/11/14 02:33:08 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/11/14 02:26:42 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/11/13 22:13:22 | 001,444,384 | ---- | C] () -- C:\Users\Joe\Desktop\1992-10.pdf
[2010/10/29 02:57:30 | 000,039,015 | ---- | C] () -- C:\Users\Joe\Desktop\at-first-i-was-like.jpg
[2010/10/28 03:46:09 | 000,016,917 | ---- | C] () -- C:\Users\Joe\Desktop\sorttable.js
[2010/10/28 03:14:32 | 000,003,077 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SemanticWorks.lnk
[2010/10/28 03:14:32 | 000,003,061 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova StyleVision.lnk
[2010/10/28 03:14:32 | 000,003,059 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SchemaAgent.lnk
[2010/10/28 03:14:32 | 000,003,053 | ---- | C] () -- C:\Users\Public\Desktop\Altova SemanticWorks.lnk
[2010/10/28 03:14:32 | 000,003,037 | ---- | C] () -- C:\Users\Public\Desktop\Altova StyleVision.lnk
[2010/10/28 03:14:32 | 000,003,037 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova MapForce.lnk
[2010/10/28 03:14:32 | 000,003,035 | ---- | C] () -- C:\Users\Public\Desktop\Altova SchemaAgent.lnk
[2010/10/28 03:14:32 | 000,003,033 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova XMLSpy.lnk
[2010/10/28 03:14:32 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Altova MapForce.lnk
[2010/10/28 03:14:32 | 000,003,009 | ---- | C] () -- C:\Users\Public\Desktop\Altova XMLSpy.lnk
[2010/10/28 03:14:32 | 000,002,965 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova DiffDog.lnk
[2010/10/28 03:14:32 | 000,002,941 | ---- | C] () -- C:\Users\Public\Desktop\Altova DiffDog.lnk
[2010/10/28 00:10:24 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/24 23:40:56 | 000,007,597 | ---- | C] () -- C:\Users\Joe\AppData\Local\resmon.resmoncfg
[2010/10/24 01:05:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/10/24 01:01:56 | 000,020,102 | ---- | C] () -- C:\Program Files (x86)\Readme.txt
[2010/10/24 01:01:56 | 000,010,960 | ---- | C] () -- C:\Program Files (x86)\EULA.txt
[2010/10/24 01:01:56 | 000,000,730 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2010/10/19 02:50:17 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/19 02:50:17 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/22 20:49:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/09/10 02:57:14 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\tms.dll
[2010/08/07 15:49:46 | 000,765,056 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/26 20:57:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Libraries
[2010/05/26 20:57:43 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\Keychains
[2010/05/26 20:57:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/05/26 20:57:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Licenses
[2010/05/26 20:57:42 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\LaserPrinter
[2010/05/26 20:49:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/05/26 20:48:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Documentation
[2010/05/26 20:48:31 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\Digital Mono
[2010/05/26 20:48:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/05/26 00:40:50 | 000,025,088 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 13:41:28 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/25 12:48:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/05/19 04:54:10 | 000,001,164 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/04/09 09:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Joe\AppData\Roaming\MafiaSetup.exe

========== LOP Check ==========

[2010/09/20 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\.minecraft
[2010/11/11 08:28:48 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Azureus
[2010/08/12 10:24:44 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Birdstep Technology
[2010/09/16 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\bizarre creations
[2010/10/23 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\CheckPoint
[2010/11/26 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ClickPotatoLite
[2010/08/15 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\com.adobe.ExMan
[2010/09/01 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\DAEMON Tools Lite
[2010/11/26 14:42:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FileZilla
[2010/10/10 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Firaxis
[2010/08/15 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\gtk-2.0
[2010/05/19 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech
[2010/06/14 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Lionhead Studios
[2010/05/26 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Nikon
[2010/08/28 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Nokia
[2010/09/23 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Notepad++
[2010/06/30 15:56:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\OpenOffice.org
[2010/08/28 16:05:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PC Suite
[2010/11/26 16:28:52 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SoftGrid Client
[2010/05/25 17:52:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Spotify
[2010/10/25 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly
[2010/11/24 04:46:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Thinstall
[2010/08/07 15:51:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TP
[2010/08/20 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Trillian
[2010/09/18 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Tropico 3
[2010/11/25 11:13:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TuneUpMedia
[2010/09/21 11:53:36 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/26 18:04:19 | 3217,256,448 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/05/19 04:04:00 | 000,001,279 | ---- | M] () -- C:\LGSInst.Log
[2010/11/26 18:04:19 | 4289,679,360 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/11/03 13:25:45 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 15:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2003/09/03 06:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files (x86)\EULA.txt
[2010/10/24 01:13:06 | 000,000,730 | ---- | M] () -- C:\Program Files (x86)\INSTALL.LOG
[2003/12/18 10:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files (x86)\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/25 12:55:30 | 000,000,221 | -HS- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/20 12:47:18 | 000,232,504 | ---- | M] () -- C:\Users\Joe\Desktop\Minecraft.exe
[2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/10/20 00:25:13 | 019,657,194 | ---- | M] () -- C:\Users\Joe\Desktop\vlc-1.1.4-win32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 21:02:32 | 000,000,402 | -HS- | M] () -- C:\Users\Joe\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/26 18:04:34 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/05/26 20:48:31 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Documentation
[2010/06/16 11:19:57 | 000,001,164 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/05/26 20:57:43 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Libraries
[2010/05/26 20:57:42 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Licenses

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Huawei ModemsUninstall.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/06/19 13:36:50 | 000,000,000 | ---D | M](C:\Users\Joe\Favorites\?Usorted Bookmarks) -- C:\Users\Joe\Favorites\Ǔsorted Bookmarks

< End of report >
 
OTL Extras logfile created on: 26/11/2010 22:45:29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 41.86 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

Computer Name: JOES-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF43C0DC-7BD2-4A01-BDB0-46A010C51131}" = ActivePerl 5.12.2 Build 1202 (64-bit)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Game Jackal v4_is1" = Game Jackal v4.1.1.0 (64 bit)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.0
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3879E12E-DA5B-4451-B973-DA0E2FEE7039}" = Garmin City Navigator Europe v8
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{50E4FCC7-90B9-48C6-9D17-7AE66F282878}" = Juiced2_HIN
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2DB3367-C2CC-4C12-A299-37B85223BB71}" = Altova MissionKit® 2011 for Enterprise XML Developers
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Effects
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Akamai" = Akamai NetSession Interface
"avast5" = avast! Free Antivirus
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Capture NX 2" = Capture NX 2
"ClickPotatoLiteSA" = ClickPotato
"DivX Codec" = DivX Codec
"DivX Setup.divx.com" = DivX Setup
"EAX Unified" = EAX Unified
"FileZilla Client" = FileZilla Client 3.3.5
"Google Chrome" = Google Chrome
"Homeworld2" = Homeworld2
"HotspotShield" = Hotspot Shield 1.52
"Huawei Modems" = Huawei modem
"HW2 GUNDAM-MOD_is1" = GUNDAM MOD 3.0
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Effects
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"King Arthur" = King Arthur
"Mafia" = Mafia
"Mafia II DLC Jimmy's Vendetta_is1" = Mafia II DLC Jimmy's Vendetta
"Mafia II Update 1_is1" = Mafia II Update 1
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Odeon10CombinedDemo" = Odeon 10 CombinedDemo (remove only)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"openlp.org_is1" = openlp.org 1.2.4
"PC Alarm Clock" = PC Alarm Clock
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RarZilla Free Unrar" = RarZilla Free Unrar
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"SpeedConnect Internet Accelerator v.7.5_is1" = SpeedConnect Internet Accelerator v.7.5
"Spotify" = Spotify
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 33310" = R.U.S.E. Demo
"Steam App 34030" = Napoleon: Total War
"Steam App 45000" = Sol Survivor
"Steam App 8930" = Sid Meier's Civilization V
"Trillian" = Trillian
"TuneUpMedia" = TuneUp Companion 1.9.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZionWorx" = ZionWorx
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BingoLinerUK" = BingoLinerUK
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/11/2010 09:19:20 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 25/11/2010 09:19:55 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/11/2010 09:19:59 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\odeon10combineddemo\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\odeon10combineddemo\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 26/11/2010 06:00:20 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 26/11/2010 07:01:22 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 26/11/2010 07:35:35 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 26/11/2010 08:43:32 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 26/11/2010 08:44:33 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 26/11/2010 08:45:04 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 26/11/2010 08:45:07 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\odeon10combineddemo\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\odeon10combineddemo\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

[ Media Center Events ]
Error - 03/09/2010 20:53:53 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 01:53:49 - Failed to retrieve Broadband (Error: The underlying connection
was closed: The connection was closed unexpectedly.)

Error - 03/09/2010 21:57:27 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 02:57:26 - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: The connection was closed unexpectedly.)

Error - 03/09/2010 21:57:30 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 02:57:28 - Failed to retrieve Broadband (Error: The underlying connection
was closed: The connection was closed unexpectedly.)

Error - 04/09/2010 20:14:30 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 01:14:29 - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 24/09/2010 22:39:35 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 03:39:34 - Error connecting to the internet. 03:39:34 - Unable
to contact server..

Error - 25/09/2010 10:15:52 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 15:15:51 - Error connecting to the internet. 15:15:51 - Unable
to contact server..

Error - 24/10/2010 22:32:54 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 03:32:53 - Error connecting to the internet. 03:32:53 - Unable
to contact server..

Error - 24/10/2010 23:33:00 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 04:33:00 - Error connecting to the internet. 04:33:00 - Unable
to contact server..

Error - 25/10/2010 00:33:05 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 05:33:05 - Error connecting to the internet. 05:33:05 - Unable
to contact server..

Error - 25/10/2010 07:52:17 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
Description = 12:52:16 - Error connecting to the internet. 12:52:17 - Unable
to contact server..

[ System Events ]
Error - 09/11/2010 20:43:14 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:43:15 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:43:17 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:51:38 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:42 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 09/11/2010 20:52:45 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
 
Does your ZoneAlarm include an AV part, or is it a firewall only?

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Uninstall Ask Toolbar, known adware.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV - [2010/08/09 10:52:16 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    [2010/10/30 07:05:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    O2 - BHO: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O33 - MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
    O33 - MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
    O33 - MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
My ZoneAlarm is only the free firewall.
I will carry out all the steps above when I get back tonight, as I'm busy all day.
Thanks very much for all your help so far.
 
You're very welcome
 
All processes killed
========== OTL ==========
Service KMService stopped successfully!
Service KMService deleted successfully!
File C:\Windows\SysNative\srvany.exe not found.
Error: No service named KMService was found to stop!
Service\Driver key KMService not found.
C:\Windows\SysWOW64\srvany.exe moved successfully.
Folder C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com\ not found.
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8418cab5-6803-11df-ad6f-00225fca58dd}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d984-a913-11df-85bd-00225fca58dd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d988-a913-11df-85bd-00225fca58dd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\ not found.
File F:\steambackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\ not found.
File G:\Autorun.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78615514 bytes
->Java cache emptied: 27346 bytes
->FireFox cache emptied: 52204796 bytes
->Google Chrome cache emptied: 11685554 bytes
->Flash cache emptied: 8629 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1861389 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 355 bytes

Total Files Cleaned = 138.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Joe
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11302010_090041

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN5HAOXC\topmarketsearch_com[1].txt moved successfully.
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6JWPZVC\searchTrackCAVMGTSO.php moved successfully.
C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51G9JLAK\showbannerCAU15HYX.php moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\urlclassifier3.sqlite moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\XUL.mfl moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT05ca6.TMP not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Companion 1.9.0
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.0
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
ESET logs
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\Program Files (x86)\Sierra\Homeworld2\Bin\Release\Homeworld2.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\AppData\Local\Temp\jar_cache3411008061008849146.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Joe\AppData\Local\Temp\jar_cache3682321904243500042.tmp multiple threats
C:\Users\Joe\AppData\Local\Temp\jar_cache3923356081705212885.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Joe\AppData\Local\Temp\jar_cache4316352864087477289.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Joe\AppData\Local\Temp\jar_cache4637076659082022845.tmp multiple threats
C:\Users\Joe\AppData\Local\Temp\jar_cache7206832203688875741.tmp multiple threats
C:\Users\Joe\AppData\Local\Temp\jar_cache7306116444400822501.tmp multiple threats
C:\Users\Joe\AppData\Local\Temp\jar_cache8869624155160911559.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Joe\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE probably a variant of Win32/Agent.CQFXUJI trojan
C:\Users\Joe\Documents\Vuze Downloads\Homeworld2.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2.rar NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\Documents\Vuze Downloads\rld-ruse.cloudshadow-working.iso multiple threats
C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Manual\AdbeRdr60_enu_full.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Patch\homeworld2_update_en_10_11.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\Downloads\VLCSetup.exe a variant of Win32/Adware.HotBar.H application
C:\Users\Joe\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
 
Java(TM) 6 Update 20
You didn't run JavaRa to remove old Java versions.
Please, do it now.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 
    C:\Program Files (x86)\Sierra\Homeworld2\Bin\Release\Homeworld2.exe 
    C:\Users\Joe\AppData\Local\Temp\jar_cache3411008061008849146.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache3682321904243500042.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache3923356081705212885.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache4316352864087477289.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache4637076659082022845.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache7206832203688875741.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache7306116444400822501.tmp 
    C:\Users\Joe\AppData\Local\Temp\jar_cache8869624155160911559.tmp 
    C:\Users\Joe\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE 
    C:\Users\Joe\Documents\Vuze Downloads\Homeworld2.exe 
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2.rar 
    C:\Users\Joe\Documents\Vuze Downloads\rld-ruse.cloudshadow-working.iso 
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Manual\AdbeRdr60_enu_full.exe 
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Patch\homeworld2_update_en_10_11.exe 
    C:\Users\Joe\Downloads\VLCSetup.exe 
    C:\Users\Joe\Downloads\XvidSetup.exe 
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab 
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab 
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab 
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 