Very slow computer, possible spyware

**markus212** · 2010-05-31, 21:41

My computer has recently become very slow, I imagine this is due to spyware.
Here is a hijackthis log.
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:15, on 31/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcus\Desktop\Programs\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [GSISETUP] E:\setup.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SC034.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [Iyozitokesikom] rundll32.exe "C:\Users\Marcus\AppData\Local\NCLexp.dll",Startup
O4 - HKCU\..\Run: [Psozemahedil] rundll32.exe "C:\Users\Marcus\AppData\Local\ahigucor.dll",Startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\Marcus\AppData\Roaming\lsass.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13516 bytes
-----------------------

DDS log now preliminary log requested, not HJT

**Blade81** · 2010-06-04, 09:52

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

**markus212** · 2010-06-05, 15:32

hi, I tried running the DDS program but I can't find the logfile, I made sure to disable the TeaTimer function on Spybot. As far as I am aware I don't have anything other than the Windows firewall running.

**Blade81** · 2010-06-05, 16:26

Hi,

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

**markus212** · 2010-06-06, 11:39

Extras.txt:

OTL Extras logfile created on: 06/06/2010 10:28:32 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 91.62 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCUS-PC
Current User Name: Marcus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05069BA8-21F2-4046-A265-7BBCE5478E8D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{3A849754-F16C-40F3-8470-16AD8B945CEA}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{77F3CA9B-083E-4E7A-AAE2-EEE07E53F34D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAFABCAB-D05E-4F63-85AE-77EEDF76B523}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1CBFEB-DC97-4F4D-BDD3-30BC3011EF26}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{0C98C405-57B8-42FD-BA16-594424791633}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0D026CCE-573D-4A24-97CE-76BAED5E2C59}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0F71CF66-3092-442F-8922-2737DEC8F944}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{102BE634-40B1-4EFD-B7EB-0A1D7FDC5C0A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{11243E18-99A4-456E-950E-214DF94D1535}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{15C3476E-6B8E-4F0B-BD7A-78B3BCD960EF}" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{172CEEDF-F2C8-40E7-B043-DF02246037AB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{1779051B-25A3-445D-AEDA-86F5C4C72FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1CA0895C-9175-44FD-8D4C-46E007CF039A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{30A3112A-4AF0-4BD2-8185-97813BB927D8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{3110A17E-6433-494D-9356-7EFD25D83684}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3A589965-23E1-4559-BFDF-539F884F8A92}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{3C438585-3BFC-4C80-9C15-EE93B03262A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{3E957A28-299A-4C25-A959-CDB84A556519}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{4002B1E2-4711-4970-8427-9D14466A1793}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{40FBBB9E-8A76-4C25-906A-00776CE25AE5}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{437E17A8-3B30-4F84-A3B3-4BCB0DFBA716}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{43FFA852-98A3-4046-B690-6F1499AE82D7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{45079EF0-BE68-478A-919B-5FC243444A29}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{46354080-058F-4E0E-AC93-FE1B6DAE3403}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{46EDF16A-237E-40E8-BF76-9E93688287BA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4891ACF5-09F4-4097-BC61-16713725CD98}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{54F0DF5C-1A04-496A-8971-297050B7888D}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{57CE008C-D5DB-4257-91EE-24FB9BFBC47E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{656DB2CA-AE85-4CD0-8F4C-9F7AC38A0B8F}" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{6606C470-4FE7-4332-9064-67815CA2F6A8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"{67233814-FE52-4C79-8431-D0E19D6A5CEE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{72E40133-A1BD-4451-AC16-35548EF5404F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{7306407D-F11B-4831-A599-7A159C9F2CA9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{73BFE3DC-DD5A-439D-B12F-B928D48FC20A}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{7B967F3C-B00A-48AA-BA93-563FC5182587}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7CBD3D1A-22FD-43C8-9A4A-FCC3B362DD0A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7CD62407-4AFF-4769-942E-8FC0575DFFED}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F3BB18E-EAD1-44BB-BDB0-ED81B98F17EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{81F65645-11E0-4B10-9AF7-FAB5708D73C0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{83752797-490C-41BA-BC0E-D2236A55FEAA}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{8675C652-A5E3-4A7E-ABA7-EBE956394F05}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{912DDB1B-3D56-446C-962A-700BB66C3946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9687EA38-A746-4636-9BB9-A28D117F2FFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{977090B5-257A-45EE-B92F-F3128CF4E438}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{985DF217-F2E0-44CF-B3E9-E4DDC5EAF8F8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{98C9FEDB-2BDD-4715-A36C-58973DFC2945}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A62D4CC0-CC1B-4ED8-8394-5EAACCAE38A3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{A91198A0-645A-418D-BDD9-41C290024F91}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{AD8BEC36-6AC1-4573-AC76-D405F831FA84}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AFA8D931-9E0A-450C-9CDE-BC7A6A0F1CF0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B0EB7DB8-069C-4C50-92E5-42575A9C2095}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B1A23E38-1F7D-4256-934B-25F5E51649F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B336444F-55A9-49DB-A7F4-E0FE2C16BEC4}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{B662FE93-68B7-48A3-BE60-FC64D0DC1EFB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B70FE6A8-17BE-4AA9-A355-9323113A6F5E}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{BB381FD6-2C58-40B7-A80A-5F3BED6DA8F1}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{BDBFC4E3-4947-473E-B6B7-A82EA899B4FA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BEF93859-0EE7-4D0E-ACD2-A54582779F7D}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C3057C9E-CE04-40C7-8F93-35E924F7E33C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C88E5345-4A46-4D38-BFE8-F1AF427DBFDB}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{D208D1B9-9521-48B0-9236-45B3D45F3C41}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{D7748B91-C402-4BDA-9A14-21F53099CA8A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D9E930A0-2AB9-4865-8908-F6B40569C1A7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DD2EB50A-8511-4A7A-A7FC-D8DECF0300C7}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{E0E646DA-1BCF-4219-8208-E486E8F7EF67}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{EFBFE5C8-DD66-4108-905B-35F22D0219E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F2D9F610-5809-4948-B90C-5F0CE4FC0B60}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F7106B70-2610-4C08-B4B1-A2E4D178B4F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FB0D2316-5992-4D84-9A63-D9BAE29260D3}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"TCP Query User{263FB633-FAD4-40BA-86F1-3FF2EC663DA9}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{5107B846-92FE-4A84-93CD-67BED3612131}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{69CF35F1-71FB-4160-8051-39E1D7744F63}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{6E1E3D17-5559-4CCA-84A0-0C60013E0FB7}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{71B4BBE0-CD77-410A-A6D4-FB9A5D1C114E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A3304DBF-2D7A-447A-80A8-6C6F05EBBDC5}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{F0D8D0C2-4BC8-4F2A-9D72-27C6B30EEBD8}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{F6A21F0D-F75F-46FB-8E7F-543AA3C1CF11}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{47611234-2CD1-4144-9DD8-0DCA963A4952}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{49FD287A-594B-4D38-8ACF-72D8A131F50A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{85871C09-F927-45EB-9898-E6015B3A6DAC}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{8BCFC60A-7DCE-4766-BC3D-1592213B6511}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{A4903D7D-FDBA-4AC0-948E-07B322B526A9}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"UDP Query User{B0102943-C4B9-47C4-86AF-4138FAE2F5E7}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{B8F909B0-26F9-4A35-9275-051BF24081E1}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{C217CCC2-45AA-41AA-83F9-09F3895AB151}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343DBCC6-511C-46C7-B0B7-DD86F60843E5}" = Licensing Service Install
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6804F55C-8E8F-46B5-9DF7-428AF2D139D5}_is1" = Xiah
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}" = Rhythm Rascal
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}" = OLYMPUS Master 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"1888 Number to Word Converter_is1" = 1888 Number to Word Converter 1.0
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Age of Empires 2.0" = Microsoft Age of Empires II
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Total Broadband 220V" = BTTotalBroadband220V
"CD - DVD Publishing Service" = CD - DVD Publishing Service
"Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"coverXP" = coverXP (remove only)
"Deadhunt (demo)_is1" = Deadhunt Demo
"DesktopActivityRecorder" = Desktop Activity Recorder 2.6
"Diablo II" = Diablo II
"DVD Region Killer" = DVD Region Killer
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FL Studio 7" = FL Studio 7
"Graboid Video" = Graboid Video 1.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"I Hate This Key_is1" = I Hate This Key Deluxe Edition 5.1
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
"Lambda ASIO driver" = Lexicon Lambda ASIO(remove only)
"Live 7.0.3" = Live 7.0.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"MbrolaTools35_is1" = Mbrola Tools 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.2.2
"Platypus Free Trial_is1" = Platypus 1.13
"PrintScreenDeluxe" = Print Screen Deluxe
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Reason_is1" = Reason 3.0
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SearchIn1Step" = SearchInOneStep 1.0 build 172
"SmartUndelete_is1" = SmartUndelete
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"Steinberg Cubase LE" = Steinberg Cubase LE
"ToneGen" = NCH Tone Generator
"UltraISO_is1" = UltraISO Premium V9.32
"USARadioNow Toolbar" = USARadioNow Toolbar
"UT2003" = Unreal Tournament 2003
"Viral Outbreak v1.00 Demo_is1" = Viral Outbreak v1.00 VSTi Demo
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YouTube FLV to AVI converter Pro_is1" = YouTube FLV to AVI converter Pro 2.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Diablo II" = Diablo II
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2010 14:47:58 | Computer Name = Marcus-PC | Source = Application Hang | ID = 1002
Description = The program Kunaki_CD-DVD_Publishing_Service.exe version 10.0.0.0
stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Problem Reports and
Solutions control panel. Process ID: 2a40 Start Time: 01cb0284151cb818 Termination
Time: 22

Error - 02/06/2010 14:50:23 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
Description = Faulting application PU.exe, version 6.3.3.8, time stamp 0x2a425e19,
faulting module RegBrowser.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000135, fault offset 0x00009cac, process id 0x3424, application
start time 0x01cb0284723285c8.

Error - 02/06/2010 14:50:35 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
Description = Faulting application PU.exe, version 6.3.3.8, time stamp 0x2a425e19,
faulting module RegBrowser.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000135, fault offset 0x00009cac, process id 0x37b4, application
start time 0x01cb028478009378.

Error - 02/06/2010 17:32:00 | Computer Name = Marcus-PC | Source = Application Hang | ID = 1002
Description = The program FL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 2c1c Start Time: 01cb02865d3cda18 Termination Time: 24

Error - 02/06/2010 19:07:13 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
Description = Faulting application musicmaker.exe, version 10.0.0.10, time stamp
0x416d19a8, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xc0000005, fault offset 0x0004c2cb, process id 0x28fc, application
start time 0x01cb029bdd58d2c8.

Error - 03/06/2010 08:26:33 | Computer Name = Marcus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 05/06/2010 11:40:35 | Computer Name = Marcus-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 938 Start Time: 01cb04c47d797293 Termination Time: 159

Error - 05/06/2010 11:40:41 | Computer Name = Marcus-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1310 Start Time: 01cb04c5021819c3 Termination Time: 45

Error - 05/06/2010 19:18:57 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
Description = Faulting application musicmaker.exe, version 10.0.0.10, time stamp
0x416d19a8, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xc0000005, fault offset 0x0004c2cb, process id 0x26d4, application
start time 0x01cb050519b8bb33.

Error - 05/06/2010 19:26:30 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
Description = Faulting application PsiService_2.exe, version 2.2.0.56, time stamp
0x46e72c4b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xd0, application start time
0x01cb048fdba713c3.

[ Media Center Events ]
Error - 17/04/2008 07:57:23 | Computer Name = Marcus-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 27/12/2008 19:10:57 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14170
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/08/2009 16:47:13 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36475
seconds with 660 seconds of active time. This session ended with a crash.

Error - 09/12/2009 20:34:35 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11609
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/06/2010 20:04:57 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 03/06/2010 20:05:08 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/06/2010 07:11:10 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 04/06/2010 07:11:21 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/06/2010 16:24:44 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 04/06/2010 16:24:58 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 05/06/2010 05:16:55 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 05/06/2010 05:17:06 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 06/06/2010 04:38:31 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 06/06/2010 04:38:38 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

**markus212** · 2010-06-06, 11:40

OTL.txt

OTL logfile created on: 06/06/2010 10:28:32 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 91.62 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCUS-PC
Current User Name: Marcus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marcus\AppData\Roaming\lsass.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)

========== Modules (SafeList) ==========

MOD - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SearchIn1Step Service) -- File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=15784&l=dis"
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {1C530A94-FB03-4325-9678-3898A46EC5CF}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 18:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 18:29:00 | 000,000,000 | ---D | M]

[2008/11/02 10:15:45 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions
[2010/06/05 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2009/08/18 18:46:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/23 23:51:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/17 19:40:13 | 000,002,427 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\askcom.xml
[2009/02/21 17:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\live-search.xml
[2010/04/17 19:40:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 22:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/11/18 17:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 17:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 17:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 12:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\searchin1172.xml
[2009/11/18 17:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/31 17:32:57 | 000,396,959 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13703 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe File not found
O4 - HKLM..\Run: [GSISETUP] E:\setup.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [Iyozitokesikom] C:\Users\Marcus\AppData\Local\NCLexp.DLL (www.madshi.net)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Marcus\AppData\Roaming\lsass.exe ()
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Psozemahedil] C:\Users\Marcus\AppData\Local\ahigucor.DLL (Sipro Lab Telecom Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english...an_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 23:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/28 22:25:14 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/31 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Threat Expert
[2010/05/31 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\McAfee
[2010/05/31 17:07:50 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/05/31 17:07:50 | 001,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/05/31 17:07:50 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/05/31 17:07:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/05/31 17:07:45 | 000,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/05/31 17:07:45 | 000,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/05/31 17:07:41 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/05/31 17:07:41 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/05/31 17:07:37 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/05/31 17:07:33 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\PC Tools
[2010/05/31 17:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/05/31 17:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/26 11:21:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/25 15:28:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}
[2010/05/25 14:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mbrola Tools
[7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 10:33:05 | 008,126,464 | -HS- | M] () -- C:\Users\Marcus\ntuser.dat
[2010/06/06 09:43:56 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/06 09:43:56 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/06 09:43:56 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/06 09:41:08 | 000,001,594 | ---- | M] () -- C:\Users\Marcus\Desktop\Clean Registry for Free!.lnk
[2010/06/06 09:40:52 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/06/06 09:38:40 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 09:38:40 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 09:38:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 09:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 09:38:25 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 00:26:22 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/06 00:26:22 | 000,065,536 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/06 00:24:20 | 003,874,803 | -H-- | M] () -- C:\Users\Marcus\AppData\Local\IconCache.db
[2010/06/05 22:30:36 | 000,000,120 | ---- | M] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/06/03 12:32:05 | 000,525,824 | ---- | M] () -- C:\Users\Marcus\Desktop\dds.com
[2010/06/03 01:46:41 | 000,000,211 | ---- | M] () -- C:\Users\Marcus\Desktop\The £18,000 council job you can't apply for if you are WHITE - General Discussion - Digital Spy Forums.url
[2010/06/03 00:00:05 | 009,031,978 | ---- | M] () -- C:\Users\Marcus\Desktop\Atheletes Foot.WAV
[2010/06/02 19:51:19 | 000,001,531 | ---- | M] () -- C:\Users\Marcus\Desktop\CD - DVD Publishing Service.lnk
[2010/05/31 20:42:32 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Very slow computer, possible spyware - Safer-Networking Forums.url
[2010/05/31 19:01:13 | 000,258,049 | -HS- | M] () -- C:\Users\Marcus\AppData\Roaming\lsass.exe
[2010/05/31 17:32:57 | 000,396,959 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/31 17:25:13 | 000,001,061 | ---- | M] () -- C:\Users\Marcus\Desktop\Spybot - Search & Destroy.lnk
[2010/05/25 15:26:47 | 000,000,016 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/05/24 01:08:59 | 000,010,296 | ---- | M] () -- C:\Users\Marcus\Documents\I don1.docx
[2010/05/09 11:02:02 | 000,046,592 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 09:41:08 | 000,001,594 | ---- | C] () -- C:\Users\Marcus\Desktop\Clean Registry for Free!.lnk
[2010/06/03 12:31:47 | 000,525,824 | ---- | C] () -- C:\Users\Marcus\Desktop\dds.com
[2010/06/03 01:46:41 | 000,000,211 | ---- | C] () -- C:\Users\Marcus\Desktop\The £18,000 council job you can't apply for if you are WHITE - General Discussion - Digital Spy Forums.url
[2010/06/03 00:00:02 | 009,031,978 | ---- | C] () -- C:\Users\Marcus\Desktop\Atheletes Foot.WAV
[2010/06/02 19:51:19 | 000,001,531 | ---- | C] () -- C:\Users\Marcus\Desktop\CD - DVD Publishing Service.lnk
[2010/05/31 20:42:23 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Very slow computer, possible spyware - Safer-Networking Forums.url
[2010/05/31 19:01:50 | 001,464,566 | ---- | C] () -- C:\Windows\System32\MCSCAN32.VXD
[2010/05/31 19:01:50 | 000,063,584 | ---- | C] () -- C:\Windows\System32\vshield.vxd
[2010/05/31 19:01:50 | 000,028,243 | ---- | C] () -- C:\Windows\System32\mckrnl.vxd
[2010/05/31 19:01:50 | 000,026,720 | ---- | C] () -- C:\Windows\System32\vshinit.vxd
[2010/05/31 19:01:50 | 000,023,639 | ---- | C] () -- C:\Windows\System32\mcutil.vxd
[2010/05/31 18:59:32 | 000,258,049 | -HS- | C] () -- C:\Users\Marcus\AppData\Roaming\lsass.exe
[2010/05/31 17:25:13 | 000,001,061 | ---- | C] () -- C:\Users\Marcus\Desktop\Spybot - Search & Destroy.lnk
[2010/05/31 17:07:50 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/05/31 17:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/05/31 17:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/31 17:07:50 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/05/31 17:07:50 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/05/31 17:07:50 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/05/31 17:07:45 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/05/31 17:07:41 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/05/31 17:07:41 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/05/31 17:07:37 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/05/25 15:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 15:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 15:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/05/24 01:08:57 | 000,010,296 | ---- | C] () -- C:\Users\Marcus\Documents\I don1.docx
[2010/02/28 19:23:49 | 000,005,612 | ---- | C] () -- C:\Windows\unpsd.ini
[2009/01/27 11:42:19 | 000,030,080 | ---- | C] () -- C:\Windows\System32\drivers\RKHit.sys
[2008/07/11 19:48:30 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\2C830C097D.dll
[2008/05/15 18:17:38 | 000,000,207 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/13 19:27:09 | 000,000,586 | -HS- | C] () -- C:\Windows\System32\edgtdhiy.ini
[2008/04/13 16:16:50 | 000,715,248 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/02/14 20:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/12/14 20:42:21 | 000,002,962 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/01 01:51:26 | 000,000,316 | ---- | C] () -- C:\Windows\Sampler.INI
[2007/12/01 01:51:26 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2007/12/01 01:51:25 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI
[2007/10/15 22:43:56 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2007/09/27 21:14:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/09/27 21:07:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/09/24 21:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2007/09/06 20:05:09 | 000,000,245 | ---- | C] () -- C:\Windows\musicmaker.INI
[2007/09/06 20:01:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/09/06 20:01:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2007/09/06 19:59:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2007/09/06 19:59:55 | 000,000,999 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/24 23:00:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/08/24 23:00:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/08/24 23:00:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/06/27 23:17:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/27 23:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 15:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 15:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 18:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/03/02 07:37:18 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/03/02 07:33:52 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004/01/27 13:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2004/01/22 19:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1998/09/15 09:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll
[1997/06/14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/05/31 19:02:05 | 000,002,664 | ---- | M] () -- C:\agntclient.log
[2007/06/27 23:42:23 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 08:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/06/28 00:07:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008/05/25 18:53:45 | 000,005,361 | ---- | M] () -- C:\Bug.txt
[2008/05/25 19:00:45 | 000,021,338 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/14 14:34:08 | 000,001,754 | ---- | M] () -- C:\debug.log
[2007/06/28 00:03:51 | 000,000,162 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/06/06 09:38:25 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/15 18:44:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/10/16 19:32:27 | 000,001,716 | -H-- | M] () -- C:\IPH.PH
[2008/05/15 18:44:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/06 09:38:23 | 2460,561,408 | -HS- | M] () -- C:\pagefile.sys
[2007/06/27 23:30:24 | 000,000,471 | ---- | M] () -- C:\RHDSetup.log
[2009/10/05 15:25:05 | 000,003,130 | ---- | M] () -- C:\RootRepeal report 10-05-09 (15-25-05).txt
[2009/10/05 15:27:08 | 000,003,130 | ---- | M] () -- C:\RootRepeal report 10-05-09 (15-25-51).txt
[2008/01/13 12:50:07 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 08:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 08:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2008/01/19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/27 12:55:16 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

========== Files - Unicode (All) ==========
[2009/08/18 20:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 20:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2008/06/01 22:45:47 | 000,010,014 | ---- | M] ()(C:\Users\Marcus\Documents\???MSN????????.docx) -- C:\Users\Marcus\Documents\久々なMSNの今日のこのごろ.docx
[2008/06/01 22:45:46 | 000,010,014 | ---- | C] ()(C:\Users\Marcus\Documents\???MSN????????.docx) -- C:\Users\Marcus\Documents\久々なMSNの今日のこのごろ.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A6DF874E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

**Blade81** · 2010-06-06, 12:49

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA
Soulseek

I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).

After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

**markus212** · 2010-06-08, 00:54

Hi, I got rid of the p2p programs but I can't get combofix running. The blue screen pops up for a minute and closes without saving a logfile. I've disabled all anti-malware programs too so I'm not sure what happened. I get a few windows error messages along the way.

**Blade81** · 2010-06-08, 12:10

Hi,

Get fresh copy of ComboFix, rename ComboFix.exe file -> DifferentOne.exe and try to run it (try in safe mode if normal mode still fails).

**markus212** · 2010-06-10, 11:23

Hi, sorry for the delay. Unfortunately it didn't work in safe mode either, I got an error message that said: Windows command processor has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Thread: Very slow computer, possible spyware

Thread Tools

Display

Very slow computer, possible spyware

Posting Permissions