Malware preventing internet connection



fangus123
2010-05-23, 20:54
DDS Log:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Angus Wilsown at 19:30:03.79 on 23/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.2296 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\NetMeter\NetMeter.exe
C:\Users\Angus Wilsown\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Wallpaper Master\Wallpaper.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Auzentech\Auzen X-Fi Prelude 7.1\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [c:\program files (x86)\netmeter\netmeter.exe] c:\program files (x86)\netmeter\NetMeter.exe
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [F.lux] "c:\users\angus wilsown\local settings\apps\f.lux\flux.exe" /noshow
uRun: [WallpaperChanger] c:\program files (x86)\wallpaper master\Wallpaper.exe
mRun: [DeathAdder] c:\program files (x86)\razer\deathadder\razerhid.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Everything] "c:\program files (x86)\everything\Everything.exe" -startup
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\mif5ba~1\office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\angusw~1\appdata\roaming\mozilla\firefox\profiles\febeprof.angus\
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay
FF - component: c:\users\angus wilsown\appdata\roaming\mozilla\firefox\profiles\febeprof.angus\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~2\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\angus wilsown\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\angus wilsown\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-13 1455648]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 173984]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\daodb\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-12-17 1153368]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-3 188928]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x64.sys [2009-10-13 61440]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-2-13 12928]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-8 136176]
S2 MSWU-d6cebc64;MSWU-d6cebc64;c:\windows\system32\d6cebc64.exe --> c:\windows\system32\d6cebc64.exe [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-13 250400]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL1Licensing.exe [2010-5-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-5-1 79360]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-2-13 47104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-26 25832]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-23 31800]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [2007-5-31 175880]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [2007-5-31 34432]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2009-12-13 2326920]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 202752]

=============== Created Last 30 ================

2010-05-23 15:00:28 75264 ----a-w- c:\windows\syswow64\d6cebc64.exe
2010-05-23 14:30:56 11 ----a-r- c:\windows\amunres.lsl
2010-05-23 10:37:12 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-23 10:37:11 0 d-----w- c:\program files\VS Revo Group
2010-05-22 08:40:03 0 d-----w- c:\programdata\Logitech
2010-05-22 08:40:02 0 d-----w- c:\program files\Logitech
2010-05-20 21:56:40 8431 ----a-w- c:\users\angus wilsown\.recently-used.xbel
2010-05-17 11:08:30 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-05-16 22:27:01 0 d-----w- c:\users\angusw~1\appdata\roaming\Mael
2010-05-16 22:24:05 0 d-----w- c:\program files (x86)\HxD
2010-05-16 22:12:35 0 d-----w- c:\programdata\HTC
2010-05-16 22:12:33 0 d-----w- c:\programdata\Teleca
2010-05-16 22:12:04 0 d-----w- c:\program files (x86)\Spirent Communications
2010-05-16 21:57:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
2010-05-16 21:54:39 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-16 20:54:48 0 d-----w- c:\users\angusw~1\appdata\roaming\FastSum
2010-05-16 20:54:21 0 d-----w- c:\program files (x86)\FastSum
2010-05-16 20:47:07 0 d-----w- C:\ruu_log
2010-05-16 20:42:30 0 d-----w- c:\users\angus wilsown\.android
2010-05-16 20:40:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-05-16 18:06:07 0 d-----w- c:\program files (x86)\common files\HP
2010-05-16 18:06:05 0 d-----w- c:\program files (x86)\common files\Hewlett-Packard
2010-05-16 18:05:44 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2010-05-16 18:05:30 0 d-----w- c:\program files (x86)\HP
2010-05-16 18:04:25 532 ------w- c:\windows\hpomdl46.dat
2010-05-16 18:04:25 173146 ----a-w- c:\windows\hpoins46.dat
2010-05-16 18:04:23 0 d-----w- c:\programdata\HP
2010-05-16 18:04:13 881664 ----a-w- c:\windows\system32\hposwia_d02d.dll
2010-05-16 18:04:13 642360 ----a-w- c:\windows\system32\hpzids40.dll
2010-05-16 18:04:13 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2010-05-16 18:04:12 749056 ----a-w- c:\windows\system32\hpost_d02d.dll
2010-05-16 18:04:12 516096 ----a-w- c:\windows\system32\hposc_d02a.dll
2010-05-16 17:16:08 0 d-----w- c:\users\angusw~1\appdata\roaming\Canneverbe Limited
2010-05-16 17:16:07 0 d-----w- c:\programdata\Canneverbe Limited
2010-05-16 17:15:57 0 d-----w- c:\program files\CDBurnerXP
2010-05-14 20:23:00 0 d-----w- c:\program files\HTC
2010-05-14 20:22:33 0 ----a-w- c:\windows\DbgOut.INI
2010-05-14 19:59:46 0 d-----w- c:\users\angusw~1\appdata\roaming\Teleca
2010-05-14 19:58:38 0 d-----w- c:\program files (x86)\HTC
2010-05-13 20:11:46 0 d-----w- c:\program files (x86)\gish153
2010-05-13 20:11:04 0 d-----w- c:\program files (x86)\Lugaru
2010-05-13 20:09:51 0 d-----w- c:\program files (x86)\Samorost2
2010-05-13 19:26:45 0 d-----w- c:\program files (x86)\Aquaria
2010-05-12 08:31:50 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 08:31:49 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 09:51:21 180224 ----a-w- c:\windows\syswow64\QTCF.dll
2010-05-10 16:30:59 0 d-----w- C:\temp
2010-05-10 16:30:54 0 d-----w- c:\users\angusw~1\appdata\roaming\zenses
2010-05-10 16:30:54 0 d-----w- c:\program files (x86)\Zenses2
2010-05-08 16:06:06 0 d-----w- c:\users\angusw~1\appdata\roaming\PeaZip
2010-05-08 16:03:43 0 d-----w- c:\program files\PeaZip
2010-05-03 15:39:51 0 d-----w- c:\users\angusw~1\appdata\roaming\.matplotlib
2010-05-01 21:23:25 0 d-----w- c:\users\angus wilsown\.gimp-2.6
2010-05-01 21:02:31 788 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000005-0034415A}.rfx
2010-05-01 21:02:31 60888 ----a-w- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-0034415A}.rfx
2010-05-01 21:02:31 60888 ----a-w- c:\windows\system32\BMXState-{00000004-00000000-00000002-00001102-00000005-0034415A}.rfx
2010-05-01 21:00:44 90112 ------w- c:\windows\Updreg.EXE
2010-05-01 21:00:23 102400 ----a-w- c:\windows\syswow64\cttele32.dll
2010-05-01 21:00:22 108032 ----a-w- c:\windows\system32\cttele64.dll
2010-05-01 20:59:35 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2010-05-01 20:59:35 73728 ----a-w- c:\windows\syswow64\CmdRtr.DLL
2010-05-01 20:59:35 191488 ----a-w- c:\windows\system32\APOMgr64.DLL
2010-05-01 20:59:35 159 ---ha-r- c:\windows\ctfile.rfc
2010-05-01 20:59:35 148480 ----a-w- c:\windows\syswow64\APOMngr.DLL
2010-05-01 20:58:10 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-05-01 20:57:59 0 d-----w- c:\program files\Creative
2010-04-28 07:21:47 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 06:40:29 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 06:39:55 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 06:39:55 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 06:39:55 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 06:39:55 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 06:39:55 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-04-25 12:17:09 0 d-----w- c:\program files\7-Zip

==================== Find3M ====================

2010-05-21 18:58:06 1077 ----a-w- c:\program files\cports.cfg
2010-05-06 09:36:38 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 20:59:48 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-01 20:59:48 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-04-20 19:19:27 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-20 19:19:27 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-20 19:19:27 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-20 19:19:27 145184 ----a-w- c:\windows\syswow64\java.exe
2010-03-14 18:44:42 51594 ----a-w- c:\users\angusw~1\appdata\roaming\unins000.dat
2010-03-14 18:41:49 867610 ----a-w- c:\users\angusw~1\appdata\roaming\unins000.exe
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-03-03 04:16:38 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 04:16:26 446464 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-03-03 04:15:30 497152 ----a-w- c:\windows\system32\aticfx64.dll
2010-03-03 04:13:04 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 04:12:52 450560 ----a-w- c:\windows\system32\atieclxx.exe
2010-03-03 04:12:12 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-03-03 04:10:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-03-03 04:10:12 420864 ----a-w- c:\windows\system32\atipdl64.dll
2010-03-03 04:10:04 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-03-03 04:09:48 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-03-03 04:09:40 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-03-03 04:09:34 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-03-03 04:09:28 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-03-03 04:06:18 3131392 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-03-03 04:04:46 18798080 ----a-w- c:\windows\system32\atio6axx.dll
2010-03-03 03:57:00 3800576 ----a-w- c:\windows\system32\atidxx64.dll
2010-03-03 03:46:42 3703808 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-03-03 03:45:02 14226944 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-03-03 03:39:46 4801536 ----a-w- c:\windows\system32\atiumd64.dll
2010-03-03 03:32:06 2716160 ----a-w- c:\windows\system32\atiumd6a.dll
2010-03-03 03:24:24 2993152 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-03-03 03:23:52 55296 ----a-w- c:\windows\system32\coinst.dll
2010-03-03 03:20:22 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-03-03 03:20:20 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-03-03 03:20:10 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-03-03 03:20:08 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-03-03 03:19:56 4781568 ----a-w- c:\windows\system32\aticaldd64.dll
2010-03-03 03:18:56 3657728 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-03-03 03:08:50 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-03-03 03:08:50 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-03-03 03:08:44 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-03-03 03:08:44 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-03-03 03:08:14 330752 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:08:06 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-03-03 03:07:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-03-03 03:07:48 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-03-03 03:07:48 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-03-03 03:07:44 16896 ----a-w- c:\windows\system32\atig6txx.dll
2010-03-03 03:07:38 15360 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-03-03 03:06:50 36352 ----a-w- c:\windows\system32\atiuxp64.dll
2010-03-03 03:06:42 27648 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-03-03 03:06:34 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-03-03 03:06:26 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-02-27 20:35:37 76852 ----a-r- c:\windows\fonts\tesla_regular.ttf
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-02-25 19:55:46 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 08:16:17 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-06 14:03:12 19017 ----a-w- c:\program files\readme.txt
2009-11-06 14:03:12 18364 ----a-w- c:\program files\cports.chm
2009-11-06 14:02:12 49664 ----a-w- c:\program files\cports.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 10:28:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:32:11.75 ===============


Hi.
Microsoft Security Essentials detected a trojan named 'brj.exe'. It said my PC needed to be restarted before it could be removed. When my PC was restarted I could no longer connect to the internet: Windows reported my PC as connected to the internet, but nothing was working. Pinging my router worked, but pinging google.com gave me a lookup error. The only thing that works is Steam friends, for some reason. I also found 3 suspicious processes, logger.exe, capabilitymanager.exe and generic.exe, all running from C:\Program Files (x86)\Common Files\Teleca Shared, which I have now deleted. Spybot detected some malware; however, it said it needed to be restarted for them to be removed, but on restart they were no longer found. The network is definitely working.
Thanks
Angus.
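The DDS log above is the kind of output a helper reads by eye for a few tell-tale patterns: a hosts-file entry pointing a security site at 127.0.0.1, an auto-start service whose binary DDS could not verify (shown as "[?]"), a hex-only file name that also turns up in the "Created Last 30" list, and a BHO with "No File". The script below is an added example written for this thread; it is not part of DDS, OTL or Spybot. The sample lines are constructed after the posted log, and the heuristics (which names count as local in a hosts entry, what a "random" file name looks like) are assumptions of this example, not rules from the tools.

```python
"""Triage helper for DDS-style log lines (constructed example; not a DDS,
OTL or Spybot feature). It understands the 'Pseudo HJT Report',
'SERVICES / DRIVERS' and 'Created Last 30' line formats and flags entries
that deserve a closer look."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the DDS log posted in the thread.
SAMPLE_DDS = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 173984]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-8 136176]
S2 MSWU-d6cebc64;MSWU-d6cebc64;c:\windows\system32\d6cebc64.exe --> c:\windows\system32\d6cebc64.exe [?]
2010-05-23 15:00:28 75264 ----a-w- c:\windows\syswow64\d6cebc64.exe
2010-05-23 10:37:11 0 d-----w- c:\program files\VS Revo Group
"""

# Assumptions of this example: loopback addresses and the names that may
# legitimately resolve to them in a hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[([^\]]*)\]\s*$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+([-\w]{8})\s+(.*)$")
ORPHAN_BHO_RE = re.compile(r"^BHO(?:-X64)?:.*-\s*No File\s*$")
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str   # short tag for the heuristic that fired
    line: str   # the log line that triggered it, verbatim


def basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip())[-1]


def looks_random(filename: str) -> bool:
    """Hex-only file stem such as d6cebc64.exe: a weak but useful signal."""
    stem = filename.rsplit(".", 1)[0]
    return HEX_NAME_RE.fullmatch(stem) is not None


def triage_line(line: str) -> list[Finding]:
    out: list[Finding] = []
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.groups()
        # A loopback entry for anything but the machine's own names blocks that site.
        if ip in LOOPBACK and host.lower() not in LOCAL_NAMES:
            out.append(Finding("hosts_redirect", line))
        return out
    m = SERVICE_RE.match(line)
    if m:
        _name, path_field, info = m.groups()
        # DDS writes "a --> b [?]" when it could not read the binary's size/date.
        path = path_field.split("-->")[-1]
        if info.strip() == "?":
            out.append(Finding("service_unverified", line))
        if looks_random(basename(path)):
            out.append(Finding("random_name", line))
        return out
    m = CREATED_RE.match(line)
    if m:
        attrs, path = m.groups()
        # Attribute string starting with 'd' is a directory; only check files.
        if not attrs.startswith("d") and looks_random(basename(path)):
            out.append(Finding("random_name", line))
        return out
    if ORPHAN_BHO_RE.match(line):
        out.append(Finding("orphan_bho", line))
    return out


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        if raw.strip():
            findings.extend(triage_line(raw))
    return findings


def correlate(findings: list[Finding]) -> set[str]:
    """Binaries named in more than one flagged line, e.g. a freshly created
    file that is also registered as an auto-start service."""
    counts: dict[str, int] = {}
    for line in {f.line for f in findings}:
        for token in set(re.findall(r"[\w~$-]+\.(?:exe|dll|sys)", line, re.I)):
            counts[token.lower()] = counts.get(token.lower(), 0) + 1
    return {name for name, n in counts.items() if n > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in found:
        print(f"{f.kind:20} {f.line}")
    print("named in more than one finding:", correlate(found))
```

On the sample, the hosts entry for www.spywareinfo.com, the unverified MSWU service, both appearances of the hex-named binary and the orphaned BHO are flagged, and `correlate` ties the created file to the service that launches it. These are triage prompts, not verdicts: a helper still confirms each entry before asking the user to remove anything.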

Blade81
2010-05-28, 07:13
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy and paste the following contents into the custom scan area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

fangus123
2010-05-28, 17:54
OTL.txt was too big to post so it's attached in a Zip.
Extras.txt is:
OTL Extras logfile created on: 28/05/2010 16:40:05 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Angus Wilsown\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.67 Gb Total Space | 187.53 Gb Free Space | 40.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 434.26 Gb Free Space | 46.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEAST
Current User Name: Angus Wilsown
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{23170F69-40C1-2702-0913-000001000000}" = 7-Zip 9.13 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51FD1644-F4A7-44C6-B0B3-2C3787B918D8}" = BOINC
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.1
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"Microsoft Security Essentials" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{361F225F-FA95-46D0-81AF-2C64CA32047C}" = Evince 2.30.0
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEA2729-EC98-20C5-445F-1A50AB5BF73B}" = RedditAddict Lite
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{DA7D5E4A-7AEA-45BE-AA03-3748282DFB09}" = Auzen X-Fi Prelude 7.1
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}" = Image Grabber II.NET
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anki" = Anki
"Aquaria" = Aquaria
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CCleaner" = CCleaner
"com.tritelife.redditaddictlite.DE765BC21D891F85724F79F7968E9DAFCA1028CF.1" = RedditAddict Lite
"Defraggler" = Defraggler
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"EULAlyzer_is1" = EULAlyzer 2.0
"Everything" = Everything 1.2.1.371
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.11.9
"FastSum_is1" = FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Editi
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDTP" = Deus Ex - HDTP
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NetMeter_is1" = NetMeter 1.1.4 BETA
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"qt7lite_is1" = QT Lite 3.2.2
"Spotify" = Spotify
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 13240" = Unreal Tournament
"Steam App 13560" = Tom Clancy's Splinter Cell
"Steam App 1500" = Darwinia
"Steam App 15130" = Beyond Good and Evil
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 17410" = Mirror's Edge
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22300" = Fallout 3
"Steam App 240" = Counter-Strike: Source
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 26800" = Braid
"Steam App 31410" = Zombie Driver
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32310" = Indiana Jones and the Last Crusade
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 35010" = Batman: Arkham Asylum
"Steam App 35060" = Batman: Arkham Asylum - License Revoking Tool
"Steam App 3590" = Plants Vs Zombies
"Steam App 3720" = Evil Genius
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 380" = Half-Life 2: Episode One
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40400" = AI War: Fleet Command
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41300" = Altitude
"Steam App 41500" = Torchlight
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6010" = Indiana Jones and the Fate of Atlantis
"Steam App 6200" = Ghost Master
"Steam App 6310" = The Longest Journey
"Steam App 6900" = Hitman: Codename 47
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 70" = Half-Life
"Steam App 7670" = BioShock
"Steam App 7760" = X-COM: UFO Defense
"Steam App 8170" = Battlestations: Pacific
"Steam App 8880" = Freedom Force
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"Steam App 9480" = Saints Row 2
"Steam App 9740" = Indigo Prophecy
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Wallpaper Master_is1" = Wallpaper Master Pro v1.51
"Winamp" = Winamp
"Zenses2" = Zenses2 Beta2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Flux" = F.lux
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/05/2010 12:22:15 | Computer Name = BEAST | Source = Google Update | ID = 20
Description =

Error - 26/05/2010 11:46:50 | Computer Name = BEAST | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 26/05/2010 11:48:29 | Computer Name = BEAST | Source = Software Protection Platform Service | ID = 8209
Description = Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f

Error - 26/05/2010 11:48:29 | Computer Name = BEAST | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0xC004C4AB) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 26/05/2010 11:49:43 | Computer Name = BEAST | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "c:\program files (x86)\Creative\audio
device selection unicode\CTAudSeu.exe".Error in manifest or policy file "c:\program
files (x86)\Creative\audio device selection unicode\CTAudSeu.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 26/05/2010 11:50:05 | Computer Name = BEAST | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/05/2010 08:34:42 | Computer Name = BEAST | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 27/05/2010 08:37:43 | Computer Name = BEAST | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "c:\program files (x86)\Creative\audio
device selection unicode\CTAudSeu.exe".Error in manifest or policy file "c:\program
files (x86)\Creative\audio device selection unicode\CTAudSeu.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 27/05/2010 08:38:06 | Computer Name = BEAST | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/05/2010 14:46:42 | Computer Name = BEAST | Source = Application Error | ID = 1000
Description = Faulting application name: FahCore_11.exe, version: 0.0.0.0, time
stamp: 0x49907d63 Faulting module name: aticaldd.dll, version: 6.14.10.556, time
stamp: 0x4b8dd520 Exception code: 0xc0000005 Fault offset: 0x0009dba6 Faulting process
id: 0xe9c Faulting application start time: 0x01cafdc1f6ec887d Faulting application
path: C:\Users\Angus Wilsown\AppData\Roaming\Folding@home-gpu\FahCore_11.exe Faulting
module path: C:\Windows\system32\aticaldd.dll Report Id: 30afeeee-69c0-11df-a2a3-001fc6e32e27

[ System Events ]
Error - 06/04/2010 07:08:09 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1206.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 06/04/2010 07:08:09 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1206.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 06/04/2010 07:08:09 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1206.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 08/04/2010 09:22:06 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1359.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 08/04/2010 09:22:06 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1359.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 08/04/2010 09:22:06 | Computer Name = BEAST | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1359.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 08/04/2010 10:17:46 | Computer Name = BEAST | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 08/04/2010 10:17:46 | Computer Name = BEAST | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 09/04/2010 04:35:35 | Computer Name = BEAST | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 09/04/2010 04:35:35 | Computer Name = BEAST | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053


< End of report >

Blade81
2010-05-28, 20:31
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).

After that:


Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and right click test.bat on the desktop and select run as administrator.
A Notepad window opens; copy and paste its content (Log1.txt) into your reply.
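What the batch file above is really collecting is the resolver configuration: a machine that "cannot reach the internet" while the link is up is often one whose DNS servers have been replaced. The following is an added example in Python, not code from the thread or from Spybot; it parses `ipconfig /all` and `nslookup` output (the samples are constructed to resemble the output posted in this thread) and flags any DNS server that is neither the LAN router nor on a list of resolvers the user recognises. The trusted-resolver list, the `203.0.113.7` address used as a hijacked resolver, and all sample text are assumptions made for the example.

```python
"""Flag unexpected DNS resolvers in `ipconfig /all` output and cross-check them
against the resolver `nslookup` actually used.  Added example; sample output is
constructed, modelled on the thread, and is not the poster's exact log."""
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (second DNS server on a continuation line).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : BEAST
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 158.152.1.58
                                       158.152.1.43
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   DHCP Enabled. . . . . . . . . . . : No
   Default Gateway . . . . . . . . . : ::
"""

# Constructed sample of `nslookup google.com` output; the first Address line is the resolver used.
SAMPLE_NSLOOKUP = """\
Server:  cache-1.ns.demon.net
Address:  158.152.1.58

Non-authoritative answer:
Name:    google.com
Addresses:  209.85.227.104
          209.85.227.105
"""

# Assumption: resolvers the user knows belong to their ISP (here the range of the ones above).
TRUSTED_RESOLVERS = ("158.152.1.0/24",)

# "Key . . . . : value" lines inside an adapter block; the dotted leader separates key from value.
FIELD_RE = re.compile(r"^\s+(?P<key>[^:.]+?)\s*(?:\.\s?)+:\s?(?P<value>.*)$")
# "Ethernet adapter Local Area Connection:" style block headers (unindented, ending in a colon).
HEADER_RE = re.compile(r"^(?P<name>\S.*):$")


def _addr(value):
    """Strip '(Preferred)', '%zone' and '#port' decorations from an address string."""
    return re.sub(r"\(.*?\)", "", value).split("%")[0].split("#")[0].strip()


def parse_ipconfig(text):
    """Return {block_name: {field: [values, ...]}} for `ipconfig /all` output."""
    blocks, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = HEADER_RE.match(line)
        if header:
            current, last_key = blocks.setdefault(header.group("name"), {}), None
            continue
        if current is None:                       # the "Windows IP Configuration" preamble
            current = blocks.setdefault(line.strip(), {})
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group("key").strip()
            values = current.setdefault(last_key, [])
            if field.group("value").strip():
                values.append(field.group("value").strip())
        elif last_key is not None:                # continuation line: extra value for previous key
            current[last_key].append(line.strip())
    return blocks


def check_dns(blocks, trusted):
    """Return (adapter, server, reason) for DNS servers that are neither on the LAN nor trusted."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    findings = []
    for name, fields in blocks.items():
        servers = [_addr(v) for v in fields.get("DNS Servers", [])]
        if not servers:
            continue
        local = {_addr(v) for k in ("Default Gateway", "DHCP Server") for v in fields.get(k, [])}
        subnet = None
        if fields.get("IPv4 Address") and fields.get("Subnet Mask"):
            subnet = ipaddress.ip_network(
                f"{_addr(fields['IPv4 Address'][0])}/{fields['Subnet Mask'][0]}", strict=False)
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((name, server, "unparseable DNS server entry"))
                continue
            if server in local or (subnet is not None and addr in subnet):
                continue                          # router or LAN resolver: expected
            if any(addr in net for net in trusted_nets):
                continue                          # known ISP / corporate resolver
            findings.append((name, server, "DNS server outside LAN and not in trusted list"))
    return findings


def check_resolver(blocks, nslookup_text):
    """True if the resolver nslookup reported is one of the configured DNS servers."""
    match = re.search(r"^Address:\s*(\S+)", nslookup_text, re.M)
    used = _addr(match.group(1)) if match else None
    configured = {_addr(v) for f in blocks.values() for v in f.get("DNS Servers", [])}
    return used in configured


if __name__ == "__main__":
    parsed = parse_ipconfig(SAMPLE_IPCONFIG)
    print("findings:", check_dns(parsed, TRUSTED_RESOLVERS))
    print("nslookup used a configured resolver:", check_resolver(parsed, SAMPLE_NSLOOKUP))
```

Run against the clean sample, `check_dns` returns no findings and `check_resolver` is true; replace one resolver with an address outside the LAN and the trusted range and the adapter is reported, which is the condition a helper would then chase with a look at the adapter's DNS settings and the hosts file. Compare with your own output only after substituting your ISP's resolvers for the trusted list.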

fangus123
2010-05-28, 21:09
Utorrent is now uninstalled
Here are the contents of the text file:

Windows IP Configuration

Host Name . . . . . . . . . . . . : BEAST
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-1F-C6-E3-2E-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e818:7ebb:3584:5187%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 28 May 2010 17:12:55
Lease Expires . . . . . . . . . . : 31 May 2010 17:12:54
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 268443590
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-B6-A5-C6-00-1F-C6-E3-2E-27
DNS Servers . . . . . . . . . . . : 158.152.1.58
158.152.1.43
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CAF0A7F9-6F3B-4684-A5DF-3BABF8DD2AB7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73ba:18aa:7f1:c1c7:8282(Preferred)
Link-local IPv6 Address . . . . . : fe80::18aa:7f1:c1c7:8282%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cache-1.ns.demon.net
Address: 158.152.1.58

Name: google.com
Addresses: 209.85.227.104
209.85.227.105
209.85.227.147
209.85.227.99
209.85.227.103
209.85.227.106


Pinging google.com [209.85.227.104] with 32 bytes of data:
Reply from 209.85.227.104: bytes=32 time=52ms TTL=54
Reply from 209.85.227.104: bytes=32 time=53ms TTL=54

Ping statistics for 209.85.227.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 52ms, Maximum = 53ms, Average = 52ms
===========================================================================
Interface List
13...00 1f c6 e3 2e 27 ......Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:73ba:18aa:7f1:c1c7:8282/128
On-link
13 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::18aa:7f1:c1c7:8282/128
On-link
13 276 fe80::e818:7ebb:3584:5187/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Would you rather I pasted logs in a code form, or

Blade81
2010-05-28, 23:51
Hi,


Would you rather I pasted logs in a code form, or
Without code tags is better, thank you. Have you tested connecting to the internet with both Internet Explorer and Firefox?

Please try to update MBAM database and then run a quick scan with it (remove found items). Post back the report.

fangus123
2010-05-29, 11:29
Hi,


Without code tags is better, thank you. Have you tested connecting to the internet with both Internet Explorer and Firefox?

Please try to update MBAM database and then run a quick scan with it (remove found items). Post back the report.

The internet has started working :confused:. It started to work after the OTL scan. Not sure if I'm still infected though. Here is the MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4153

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/05/2010 10:28:34
mbam-log-2010-05-29 (10-28-34).txt

Scan type: Quick scan
Objects scanned: 126035
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

As you can see the Trojan was removed.

Blade81
2010-05-29, 12:35
Hi again,

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back the report. Any issues left?

fangus123
2010-05-30, 11:41
I'm Reinstalling my OS for unrelated reasons, so no more help is needed. Thank you very much though!

Blade81
2010-05-30, 12:59
Ok. Thanks for letting us know.