Opachki.ru



bushmeister69
2010-07-20, 15:11
My wife's PC has been infected by a trojan called Opachki.ru. I've tried running Search and Destroy to fix this but still seem to be having the same problems. Sometimes the scan finds Opachki again and then sometimes it's not picked up??? I've run the DDS and here are the results.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Jon Bush at 12:53:14.45 on 20/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1249 [GMT 1:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jon Bush\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL4LCA4D\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0)" -"http://www.englandunderneath.com/"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\labtec\webcam10\WebCam10.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\jonbus~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\common files\panasonic\videocam suite autostart\VideoCamSuiteAutoStart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-25 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-13 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-25 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100719.001\IDSvix86.sys [2010-7-20 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-25 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-5-25 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98c99a464931d;Google Update Service (gupdate1c98c99a464931d);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-20 09:57:38 0 d-----w- c:\users\jonbus~1\appdata\roaming\Malwarebytes
2010-07-20 09:57:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 09:57:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 09:57:30 0 d-----w- c:\programdata\Malwarebytes
2010-07-20 09:57:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 09:28:35 0 d-----w- c:\program files\Safer Networking
2010-07-20 07:41:06 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-07-19 11:00:20 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-18 20:12:21 524288 --sha-w- c:\users\jon bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
2010-07-18 20:12:21 524288 --sha-w- c:\users\jon bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
2010-07-18 20:12:20 65536 --sha-w- c:\users\jon bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TM.blf
2010-07-18 20:11:36 173043626 ----a-w- c:\windows\MEMORY.DMP
2010-07-18 15:57:42 0 d-----w- c:\users\jonbus~1\appdata\roaming\Tific
2010-07-18 15:55:42 65536 --sha-w- c:\users\jon bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TM.blf
2010-07-18 15:55:42 524288 --sha-w- c:\users\jon bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
2010-07-18 15:55:42 524288 --sha-w- c:\users\jon bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
2010-07-16 19:22:23 0 d-----w- c:\programdata\Panasonic
2010-07-16 19:08:47 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-07-16 19:08:47 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-07-16 19:08:47 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-07-16 19:08:44 0 d-----w- c:\program files\common files\Panasonic
2010-07-16 19:08:05 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-07-11 22:13:32 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-07-11 22:13:29 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-07-11 22:13:25 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-11 22:13:24 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-07-11 22:13:24 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-07-11 22:06:45 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-11 22:06:45 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-11 22:06:45 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-11 22:06:45 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-11 22:06:45 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-11 21:55:15 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-07-06 18:23:34 0 d-----w- c:\users\jon bush\{cb915916-526e-43cb-968e-6f0aa6df1d4c}
2010-07-06 18:22:41 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-06 18:22:41 51370 ----a-w- c:\windows\system32\lvcoinst.ini
2010-07-06 18:22:41 41376 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-06 18:22:41 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-06 18:22:41 215840 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-06 18:22:41 14240 ----a-w- c:\windows\system32\drivers\lv302af.sys
2010-07-06 18:22:41 13398 ----a-w- c:\windows\system32\Repository.reg
2010-07-06 18:22:41 1273504 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2010-07-06 17:52:52 560 ----a-w- c:\windows\_delis32.ini
2010-07-03 11:23:04 0 d-----w- c:\programdata\Sun
2010-07-03 11:07:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 16:59:54 0 d-----w- c:\program files\Logitech Touch Mouse Server

==================== Find3M ====================

2010-07-20 08:47:30 35189 ----a-w- c:\programdata\nvModes.dat
2010-07-20 07:33:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-20 07:33:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-20 07:33:28 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-22 17:10:41 174 --sha-w- c:\program files\desktop.ini
2008-07-22 16:59:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-29 10:42:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 11:51:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-31 10:53:41 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101920091026\index.dat
2009-10-31 10:53:41 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009103120091101\index.dat
2007-01-03 16:26:15 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:54:34.67 ===============

ken545
2010-07-24, 19:34


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



Sorry for the delay but the forums are very busy


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

bushmeister69
2010-07-26, 16:27
These are the results from the programs you asked me to run. I've only been able to run in safe mode, because the pc just freezes after a minute if running in normal mode.

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes
->Flash cache emptied: 2503 bytes

User: Jon Bush
->Temp folder emptied: 40644878 bytes
->Temporary Internet Files folder emptied: 85697454 bytes
->Java cache emptied: 111722457 bytes
->Flash cache emptied: 48428 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 118784 bytes
%systemroot%\System32 .tmp files removed: 367616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6282072 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51797677 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 590 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 12000522881 bytes
Process complete!

Total Files Cleaned = 11,728.00 mb







Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4351

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18928

26/07/2010 14:16:20
mbam-log-2010-07-26 (14-16-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 443757
Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2010-07-26, 19:35
Hi,

You can run both these programs in Safemode, transfer them by CD if you need to.

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror (http://gmer.net/download.php)
This version will download a randomly named file (Recommended)
Zipped Mirror (http://gmer.net/gmer.zip)
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html) so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.








Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

bushmeister69
2010-07-27, 13:37
I was unable to disable our Norton 360 in safe mode and managed to do it in normal mode. I then ran the GMER program, while still in normal mode, but it crashed the whole pc saying that windows had encountered a problem and needed to close. I then tried to run it again in safe mode but it crashed again. I tried one more time in safe mode and this time it ran ok. Below are the results from GMER.log. The OTL notepads were too long to put in this post so will post them separately after this post. We do really appreciate the time you're putting in to try and help us.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-27 10:32:39
Windows 6.0.6001 Service Pack 1
Running: of484t1r.exe; Driver: C:\Users\JONBUS~1\AppData\Local\Temp\pwldrfog.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7470B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7475D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167baa2f1
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167baa2f1 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

bushmeister69
2010-07-27, 13:38
OTL logfile created on: 27/07/2010 10:38:48 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jon Bush\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 194.23 Gb Free Space | 59.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONBUSH-PC
Current User Name: Jon Bush
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jon Bush\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jon Bush\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\DRIVERS\rp_skt32.sys File not found
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\DRIVERS\LV302V32.SYS File not found
DRV - (pepifilter) -- C:\Windows\System32\DRIVERS\lv302af.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100722.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100722.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100721.003\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/12 03:44:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 12:24:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 08:08:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/03 22:37:31 | 000,000,000 | ---D | M]

[2010/01/18 16:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/14 23:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2010/01/15 08:46:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/15 08:45:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

O1 HOSTS File: ([2010/07/20 12:26:29 | 000,412,119 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14242 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Jon Bush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jon Bush\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jon Bush\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34f6ecbb-6809-11df-80be-001167baa2f1}\Shell - "" = AutoRun
O33 - MountPoints2\{34f6ecbb-6809-11df-80be-001167baa2f1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 19:09:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Bush\Desktop\OTL.exe
[2010/07/26 12:53:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Bush\Desktop\TFC.exe
[2010/07/20 12:49:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/20 12:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/20 12:46:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jon Bush\Desktop\erunt-setup.exe
[2010/07/20 10:57:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Bush\AppData\Roaming\Malwarebytes
[2010/07/20 10:57:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/20 10:57:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/20 10:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/20 10:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/20 10:55:58 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jon Bush\Desktop\mbam-setup-1.46.exe
[2010/07/20 10:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/07/20 08:44:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/20 08:41:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/20 08:40:29 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/20 08:40:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/20 08:40:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/20 08:40:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/20 08:40:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/20 08:40:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/20 08:40:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/20 08:40:18 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/20 08:40:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/20 08:40:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/20 08:40:06 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/20 08:40:06 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/20 08:40:06 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/20 08:40:06 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/20 08:40:05 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/19 12:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/18 16:57:42 | 000,000,000 | ---D | C] -- C:\Users\Jon Bush\AppData\Roaming\Tific
[2010/07/16 20:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010/07/16 20:22:21 | 000,000,000 | ---D | C] -- C:\Users\Jon Bush\AppData\Local\Panasonic
[2010/07/16 20:08:47 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2010/07/16 20:08:47 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2010/07/16 20:08:47 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
[2010/07/16 20:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panasonic
[2010/07/16 20:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2010/07/16 20:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/14 17:23:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/14 17:23:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/14 17:23:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/11 23:13:32 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/11 23:13:29 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/11 23:13:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/11 23:13:24 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/07/11 23:13:24 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/07/11 23:06:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/07/11 23:06:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/07/11 23:06:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/07/11 22:58:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/07/11 22:58:48 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/07/11 22:58:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/07/11 22:58:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/07/11 22:58:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/07/11 22:58:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/07/11 22:58:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/07/11 22:58:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/07/11 22:58:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/07/11 22:58:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/07/11 22:58:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/07/11 22:58:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/07/11 22:58:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/07/11 22:58:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/07/11 22:58:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/07/11 22:58:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/07/11 22:58:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/07/11 22:58:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/07/11 22:58:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/07/11 22:58:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/07/11 22:58:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/07/11 22:58:04 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/07/11 22:55:15 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/07/06 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\Jon Bush\{cb915916-526e-43cb-968e-6f0aa6df1d4c}
[2010/07/03 12:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/03 12:07:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/27 17:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Touch Mouse Server

========== Files - Modified Within 30 Days ==========

[2010/07/27 10:34:21 | 010,223,616 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat
[2010/07/26 20:54:09 | 000,001,356 | ---- | M] () -- C:\Users\Jon Bush\AppData\Local\d3d9caps.dat
[2010/07/26 19:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/26 19:33:17 | 264,813,130 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/26 19:31:04 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CAB50E37-79C6-45BB-989D-53592C7EB3D3}.job
[2010/07/26 19:30:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BFB64503-76A1-4AEF-BEA0-1FE3B0BC3B41}.job
[2010/07/26 19:25:41 | 000,719,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/26 19:25:41 | 000,619,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/26 19:25:41 | 000,112,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/26 19:25:32 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/26 19:23:38 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/26 19:23:37 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/26 19:23:25 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/07/26 19:21:56 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 19:21:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 19:21:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 19:21:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 19:20:33 | 000,524,288 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 19:20:33 | 000,065,536 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TM.blf
[2010/07/26 19:09:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Bush\Desktop\OTL.exe
[2010/07/26 19:08:47 | 000,293,376 | ---- | M] () -- C:\Users\Jon Bush\Desktop\of484t1r.exe
[2010/07/26 13:07:45 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 12:55:59 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jon Bush\Desktop\mbam-setup-1.46.exe
[2010/07/26 12:54:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Bush\Desktop\TFC.exe
[2010/07/23 15:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/20 12:59:07 | 000,002,749 | ---- | M] () -- C:\Users\Jon Bush\Desktop\Attach.zip
[2010/07/20 12:48:21 | 000,000,916 | ---- | M] () -- C:\Users\Jon Bush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/20 12:47:57 | 000,000,717 | ---- | M] () -- C:\Users\Jon Bush\Desktop\ERUNT.lnk
[2010/07/20 12:46:32 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jon Bush\Desktop\erunt-setup.exe
[2010/07/20 12:26:29 | 000,412,119 | R--- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/07/20 12:26:11 | 000,412,119 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100720-122629.backup
[2010/07/19 20:26:33 | 071,430,176 | ---- | M] () -- C:\Users\Jon Bush\Desktop\20100719-002-v5i32.exe
[2010/07/18 22:14:36 | 000,524,288 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 20:56:48 | 000,524,288 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 20:56:48 | 000,065,536 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TM.blf
[2010/07/18 16:55:42 | 000,524,288 | -HS- | M] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 16:21:56 | 000,524,288 | -HS- | M] () -- C:\Users\Jon Bush\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 16:21:56 | 000,065,536 | -HS- | M] () -- C:\Users\Jon Bush\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/16 20:09:06 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\VideoCam Suite 3.0.lnk
[2010/07/16 20:08:44 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2010/07/14 17:46:08 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/14 17:22:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/14 17:22:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/14 17:22:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/14 17:22:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/12 13:41:01 | 001,223,691 | ---- | M] () -- C:\Users\Jon Bush\Desktop\010.JPG
[2010/07/12 13:40:57 | 001,248,635 | ---- | M] () -- C:\Users\Jon Bush\Desktop\009.JPG
[2010/07/12 13:40:53 | 001,074,251 | ---- | M] () -- C:\Users\Jon Bush\Desktop\005.JPG
[2010/07/12 13:40:49 | 001,113,717 | ---- | M] () -- C:\Users\Jon Bush\Desktop\004.JPG
[2010/07/12 13:40:45 | 001,379,238 | ---- | M] () -- C:\Users\Jon Bush\Desktop\003.JPG
[2010/07/12 13:40:41 | 001,155,931 | ---- | M] () -- C:\Users\Jon Bush\Desktop\002.JPG
[2010/07/12 13:40:36 | 001,252,632 | ---- | M] () -- C:\Users\Jon Bush\Desktop\001.JPG
[2010/07/11 23:30:29 | 000,430,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/11 18:55:42 | 000,023,552 | ---- | M] () -- C:\Users\Jon Bush\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 23:23:46 | 010,971,712 | ---- | M] () -- C:\Users\Jon Bush\Desktop\Ollie 27.06.10 trying to stall.zip
[2010/07/06 19:03:27 | 000,000,560 | ---- | M] () -- C:\Windows\_delis32.ini
[2010/07/05 02:55:20 | 009,239,981 | ---- | M] () -- C:\Users\Jon Bush\Desktop\IM000290.MPG
[2010/06/30 15:47:41 | 011,180,633 | ---- | M] () -- C:\Users\Jon Bush\Desktop\Buckhurst 30.06.10.zip
[2010/06/27 14:48:59 | 045,150,638 | ---- | M] () -- C:\Users\Jon Bush\Desktop\Ollie at Oasis 26.06.10.zip
[2010/06/27 14:45:29 | 010,998,321 | ---- | M] () -- C:\Users\Jon Bush\Desktop\Alex just warming up.zip

========== Files Created - No Company Name ==========

[2010/07/26 19:08:46 | 000,293,376 | ---- | C] () -- C:\Users\Jon Bush\Desktop\of484t1r.exe
[2010/07/20 12:59:07 | 000,002,749 | ---- | C] () -- C:\Users\Jon Bush\Desktop\Attach.zip
[2010/07/20 12:48:21 | 000,000,916 | ---- | C] () -- C:\Users\Jon Bush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/20 12:47:57 | 000,000,717 | ---- | C] () -- C:\Users\Jon Bush\Desktop\ERUNT.lnk
[2010/07/20 10:57:33 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 08:40:11 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/20 08:40:11 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/20 08:40:11 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/19 17:17:03 | 071,430,176 | ---- | C] () -- C:\Users\Jon Bush\Desktop\20100719-002-v5i32.exe
[2010/07/18 21:12:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 21:12:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 21:12:20 | 000,065,536 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{989ab208-92a8-11df-9764-001167baa2f1}.TM.blf
[2010/07/18 21:11:36 | 264,813,130 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/18 16:55:42 | 000,524,288 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 16:55:42 | 000,524,288 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 16:55:42 | 000,065,536 | -HS- | C] () -- C:\Users\Jon Bush\ntuser.dat{ca9c7e6c-9284-11df-b14b-001167baa2f1}.TM.blf
[2010/07/16 20:09:06 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\VideoCam Suite 3.0.lnk
[2010/07/16 20:08:44 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2010/07/12 13:40:13 | 001,223,691 | ---- | C] () -- C:\Users\Jon Bush\Desktop\010.JPG
[2010/07/12 13:40:03 | 001,248,635 | ---- | C] () -- C:\Users\Jon Bush\Desktop\009.JPG
[2010/07/12 13:39:50 | 001,074,251 | ---- | C] () -- C:\Users\Jon Bush\Desktop\005.JPG
[2010/07/12 13:39:36 | 001,113,717 | ---- | C] () -- C:\Users\Jon Bush\Desktop\004.JPG
[2010/07/12 13:39:22 | 001,379,238 | ---- | C] () -- C:\Users\Jon Bush\Desktop\003.JPG
[2010/07/12 13:39:10 | 001,155,931 | ---- | C] () -- C:\Users\Jon Bush\Desktop\002.JPG
[2010/07/12 13:38:57 | 001,252,632 | ---- | C] () -- C:\Users\Jon Bush\Desktop\001.JPG
[2010/07/06 23:23:42 | 010,971,712 | ---- | C] () -- C:\Users\Jon Bush\Desktop\Ollie 27.06.10 trying to stall.zip
[2010/07/06 18:52:52 | 000,000,560 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/07/05 03:13:38 | 009,239,981 | ---- | C] () -- C:\Users\Jon Bush\Desktop\IM000290.MPG
[2010/06/30 15:47:38 | 011,180,633 | ---- | C] () -- C:\Users\Jon Bush\Desktop\Buckhurst 30.06.10.zip
[2010/06/27 14:48:20 | 045,150,638 | ---- | C] () -- C:\Users\Jon Bush\Desktop\Ollie at Oasis 26.06.10.zip
[2010/06/27 14:43:09 | 010,998,321 | ---- | C] () -- C:\Users\Jon Bush\Desktop\Alex just warming up.zip
[2009/01/30 15:01:59 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2007/02/13 08:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/11 17:39:00 | 000,001,413 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/11/10 11:10:39 | 000,000,000 | -HSD | M] -- C:\Users\Jon Bush\AppData\Roaming\.#
[2008/12/15 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Ashampoo
[2010/02/06 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Azureus
[2010/02/02 16:34:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Datel
[2009/09/23 17:27:49 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\GARMIN
[2010/05/25 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Image Zone Express
[2009/02/28 10:32:30 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\ImTOO Software Studio
[2008/12/03 11:43:47 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\invibes
[2008/12/03 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Leadertech
[2008/04/28 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\LG Electronics
[2009/02/25 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Packard Bell
[2008/04/12 13:27:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\PeerNetworking
[2008/02/27 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Printer Info Cache
[2009/01/31 13:47:47 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Samsung
[2008/01/20 18:40:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Template
[2010/07/18 16:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Tific
[2009/03/03 08:41:24 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Virgin Broadband
[2008/01/05 09:39:03 | 000,000,000 | ---D | M] -- C:\Users\Jon Bush\AppData\Roaming\Windows Live Writer
[2010/07/23 17:32:44 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/26 19:30:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BFB64503-76A1-4AEF-BEA0-1FE3B0BC3B41}.job
[2010/07/26 19:31:04 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CAB50E37-79C6-45BB-989D-53592C7EB3D3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\The Next Level Movement:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\printed census:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\peg1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\office 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Stationery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\HP Photosmart Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\fishsim2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\digital locker Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Dawlish Warren 2009.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Collage 2009.02.28 00.43.37.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\Bluetooth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Documents\autorunsettings[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\The Next Level Movement:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\memory stick:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\Jon's Tree:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\IM000290.MPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\Gary's Movies and Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\Easter Sunday 2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\Desktop Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\2009-03-20 17.56.10 Ollie at Marlboro skatepark:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\012.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\011.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\010.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\009.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\005.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\004.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\003.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\002.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jon Bush\Desktop\001.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\fishsim2:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\Jon Bush\Desktop\IM000290.MPG:TOC.WMV
< End of report >

bushmeister69
2010-07-27, 13:39
OTL Extras logfile created on: 27/07/2010 10:38:48 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jon Bush\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 194.23 Gb Free Space | 59.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONBUSH-PC
Current User Name: Jon Bush
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C42851-C506-44B8-8991-F17EF8E9FFDB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B5C61A7-75DB-4FCD-A8EC-DD10DD072B37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C1254DE-6243-44CF-8062-455E9A36893B}" = lport=554 | protocol=6 | dir=in | name=ps3 |
"{1CC8AE8D-F1CB-4637-AC39-EBD7928C9362}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E2E7092-2FBD-4458-8170-D3AE51AEC788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2036DAEF-25B0-4939-8E68-CF028A388D5B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{214EDA48-CCF1-40D2-A476-1ECB7F1B6B52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{254F1676-D941-4BC0-A98E-6251358B0474}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39E486DA-6779-4B45-9E6F-4C3EAD112851}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40DB51C0-C251-43F5-AA36-FCE3BB0A600B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4521472F-ADB9-409A-A223-A0FB42BFF5EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4669F757-492F-4BED-AEC2-BA75E4BCB02F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{46BDBF0E-CC07-49A3-9559-1419FC6D1EF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4E80AA22-64BC-42ED-8025-319AD714F436}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4EC1B610-2A12-4BE1-830C-79FDBA455984}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55A70BB1-D48D-4746-B1C3-2ADB66AB78C3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{593D4206-EDAE-4217-AF5D-DDD304B40460}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5F6564FA-BBE2-4EBD-883C-DE910DBDD184}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60F83193-7A10-4738-A841-DDD1D9E756A1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{78AAC9A2-32C5-47FB-BBEC-A5F35A62B227}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7F921E04-3C20-483B-A8F3-116D39531F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{81E17553-F7D4-48F0-9534-C5D154479CEE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{82177516-59E7-4AD2-A712-65DD20D7FE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8F643B10-78EB-47A8-AA00-3F72D2E60D1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93CEB5A5-526D-45AF-BE45-B60966E1FEC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9472BE1A-3530-443A-9F63-C4EA2A327FD4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{96717E23-6F3D-4090-B5A6-936B9F6760E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{997B994A-569B-44DE-9A6E-71A3B9C3EB9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9B6AA8BD-5FA0-4875-8431-F3BEFC3C8213}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BEEDB12-7C0A-4DD0-839F-86DF126F5930}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9D008D16-55E6-4068-972C-913D50CE11FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0F21EFC-574E-49BF-8B73-AA10AFCF6624}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AA29C48A-2B24-45F7-B82B-C4ED38C9317E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AACDB7D4-73BE-4C44-A117-D4497BB81C48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE93199D-F1EA-406A-8CFA-E05FD8F607E3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B136D7EA-9744-49CF-9D5A-4419DB152D5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3677DC3-DC03-401B-988C-145816C14635}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{B3EF40CB-358D-4E95-BDBA-36C3BE662BD1}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{B4AE5020-A08C-4626-999E-ACFF173A5F99}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B54C465E-63DA-408D-8B4E-545F5A36787B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B7195225-3DF0-465D-AC04-C015620E261E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BAB917F7-570B-4991-ABB4-3B40B5EB02B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C2CFF792-6567-49CA-BA75-C5BCDE768F47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2D8751F-A2E0-476D-A9D0-666699055BAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C55D7095-8DDB-4C83-9277-97742D0FEE7E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C57EC79A-113E-48AC-87F6-6B9C08834CF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D55A5AD7-A069-4E79-9F7A-A0A02D497839}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D7EFDDF7-954C-4E62-81C5-1424128673D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDC1DA47-9566-4170-BCD3-F5463FAE8B20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EDEC6AF3-6D72-4660-A646-67532FD4955C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF9AB93C-49D8-4DC2-B524-9FD992BDD395}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025B769-5BEE-448A-B80F-460141F7B1E7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{00F59FF9-9729-43E8-B4BF-30A0F46ECF6E}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{059CF750-7516-4229-8FB6-6A74089FC663}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{07E7E395-2AC7-41CC-A3E8-79F023355CEF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D62078F-6CB7-4CC0-8B2B-B7AA2385A364}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{126D41EC-89B1-4B41-9B06-B6DC5C00E17E}" = dir=in | app=c:\program files\cyberlink\magicsports\magicsports.exe |
"{1422AC86-0C6A-4B93-A301-8536C23DDF7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{17E9FAF3-CE2E-4704-872D-08867C976379}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1A81B072-025E-40B2-B454-2B9BA646F403}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{25501580-55B7-479D-8E3C-8A0FECE1EA83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26AA1931-5AFE-4A12-9C6E-58AE6EEBDB79}" = protocol=6 | dir=out | app=system |
"{27660910-7E93-4B84-B53D-6641009A0683}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{2A9AD227-5D3F-4599-93BC-36060A991BAB}" = protocol=6 | dir=out | app=system |
"{2F334A4F-44EB-4B72-AA1D-7EC03E9F3622}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{342012C4-ED5B-48C1-A0DE-DD180AA8A38F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{39A64D34-DFDA-48DC-98E8-34040D56C411}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3B86569D-7E13-4960-B534-1401C987CA8C}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3E61E9FC-0A6D-48B8-AD85-FC0F5D27BA75}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{3ED87DA2-77D6-47CF-8161-0180F610019C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FA59B2B-D56C-42C4-B78A-633B07AE3363}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{41B4A3B2-1285-443A-99AA-D6674854A7CF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{44518A9E-D4CB-4E85-AD04-BA4628150DEB}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{482325E5-F12C-4100-B46C-74EEB40128BE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4FE78FA5-83CA-4A14-807F-3B18E173475C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{50AE08CE-6C89-4BDC-95AC-FB1C80F6E312}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{50B1DA7F-ED31-48A7-A776-AC7AF5E57329}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{512D9323-BB9B-46E5-B42F-9BD52964FC73}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{51B35D95-987F-419B-A8B2-5F07A4B5D586}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{53375A48-D388-45FA-8C2E-6287D2C248FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{5595B4AE-7878-487A-82AF-D0802B52EA2B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{571E1F85-C1C5-4D5B-858E-736B0E6B58D4}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{58EB2757-35FA-484C-A84B-BDFB77A1DF5E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{594CD2F6-5068-4907-9826-5B9D24FFEE0D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5D39F8EE-F83A-412E-9F08-D259034E36C2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{63F9FD8B-EADE-436F-80F4-98CA9576BC32}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{686FDBB1-04F9-42AB-8E75-262D7CF805D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6880C9C6-1C4B-40B7-A5ED-FADA45E0D16E}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{78AFE9D9-37AD-433F-BCD3-E50E350223E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C31D5A2-8335-43DC-A1B7-748AAD87CB8B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7D8ABED3-27C8-449B-8BB8-05DE345D5243}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{88915112-52B1-442C-88EF-3863989C901C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{894336AA-E722-426B-BA50-7B42710F3D4C}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{895E8291-6763-47C6-8A8C-9D3E2DAA83E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E147C3B-11D3-44CC-BDB3-55E9A9BD4610}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A2FBEFFE-3669-4D47-9250-DF15315BAEA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A91105B8-B211-4515-BFC1-16B0BD681AFD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{AD07D428-35CA-4456-9C89-1F1689E535CC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AE75108F-EC41-4F92-9CEA-F928EA0EAE80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3E660B6-489B-4F2E-90E2-220C793E851C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B4B2A650-EC61-4313-941C-C1F34B8510C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9D504DE-6C26-4C60-AB30-ADE3F6CE4100}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF0DEE4B-97BB-4C50-895A-0BEBD2385377}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CFDF683A-203D-4EA5-819A-3D05BD905342}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E6E243F5-3BB5-412D-984A-0696FA23AAD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E78FE6C9-DA3D-4E45-ABBC-A2C057019885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA154D2F-52FD-4139-B37E-C49ECB487E89}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{EA284594-1FF3-45CB-8E6A-E0F39144311E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA386CC4-EB4A-46F1-8C57-9D1698AB10F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAB2CCDD-3540-48CC-BA48-8AA5D0D5A3FE}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{FB96B6E2-41E5-47B7-9645-C62D049E5E61}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{FE9D36DA-1BA8-431C-A9BC-45534FD0C1D9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6AF276EC-F5D8-4EBF-8C6A-3C1BB86029A0}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{D9A637C4-B62C-4276-8CD5-E985557F8EF0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EB9F4BFC-7DE9-471F-9BC4-236B5FC90825}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{FF849EDD-1216-4DC2-9886-3811E7FCA47F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1341652B-CCF1-4077-9647-E51B4ADB4DC7}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{719F05C9-A5CD-4D38-8569-951C83ABCB50}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A7686F6A-AFA8-4010-B559-DBAC0E0E1181}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DD6813C4-15D5-45A5-8629-937703F3F95F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EF8B5AA-7B82-4945-941D-A6BC24325F00}" = CameraUserGuides
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5927AF0D-335C-41D6-937B-54587EBD6D2C}" = MagicSports 3.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99999999-9999-9999-9999-999999999999}" = HP Photosmart Cameras 9.0
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4116BBF-DE38-491e-80E7-CBB9B6F44F30}" = CameraDrivers
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5413
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CREATOR9" = Creator 9
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"fishsim2" = fishsim2
"Flashplayer" = Flash Player 9 Internet Explorer
"Google Updater" = Google Updater
"GoogleBAE" = Google BAE
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MagicSports" = Magic Sports
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OFF2k7_UK" = Microsoft® Office Trial 2007
"PSP Action Replay_is1" = PSP Action Replay
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SETUPMYPC_GB" = SetUp My PC
"Shockwave" = Shockwave player 10
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v162.22
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"works9se" = Microsoft Works 9 SE
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2010 14:24:08 | Computer Name = JonBush-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26/07/2010 14:24:08 | Computer Name = JonBush-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26/07/2010 14:24:10 | Computer Name = JonBush-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26/07/2010 14:24:10 | Computer Name = JonBush-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26/07/2010 14:34:20 | Computer Name = JonBush-PC | Source = EventSystem | ID = 4609
Description =

Error - 26/07/2010 14:36:07 | Computer Name = JonBush-PC | Source = Application Error | ID = 1000
Description = Faulting application of484t1r.exe, version 1.0.15.15281, time stamp
0x4b2763f0, faulting module of484t1r.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x598, application
start time 0x01cb2cf13c0525b7.

Error - 26/07/2010 14:40:33 | Computer Name = JonBush-PC | Source = Perflib | ID = 1008
Description =

Error - 26/07/2010 14:40:34 | Computer Name = JonBush-PC | Source = Perflib | ID = 1010
Description =

Error - 26/07/2010 14:40:34 | Computer Name = JonBush-PC | Source = PerfNet | ID = 2004
Description =

Error - 26/07/2010 14:40:34 | Computer Name = JonBush-PC | Source = PerfNet | ID = 2002
Description =

[ Media Center Events ]
Error - 16/04/2008 01:20:22 | Computer Name = JonBush-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/05/2008 05:11:58 | Computer Name = JonBush-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 30/12/2008 07:55:47 | Computer Name = JonBush-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 299 seconds with 240 seconds of active time. This session ended with a crash.

Error - 20/08/2009 20:19:12 | Computer Name = JonBush-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 174 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:02 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/07/2010 14:35:03 | Computer Name = JonBush-PC | Source = DCOM | ID = 10005
Description =

Error - 26/07/2010 14:35:16 | Computer Name = JonBush-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

ken545
2010-07-27, 14:19
Hi,

C:\Program Files\BitTorrent <--File Sharing is not recommended, you're downloading that file from an unknown source, malware writers are in tune to this and are using programs like this to infect your computer. I would never allow any type of P2P File Sharing, the Torrents, Limewire, on any of my systems, it's like playing Russian Roulette malwarewise. You should uninstall this program from Programs and Features in the Control Panel.


The rest of your logs look fine, let's run a free online scanner and see if it picks anything up.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

bushmeister69
2010-07-27, 16:58
I've tried looking for C:\Program Files\BitTorrent but have been unable to see this in the Program Files. The only folders I can see beginning with "B" are Bonjour and BootsF2CD. I know my son added "BitLord" to this PC a while ago but we promptly removed this as soon as we were aware of it. I've tried using the computer's search feature to find any file or folder that might have the words "bit" or "torrent" as its title, but nothing. I have only looked using Safe Mode as any time I start up in Normal Mode now I just get a black screen.
Below is the log created from the free online virus scanner from ESET



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ee44d95c446236449cf4ad809827b87c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-27 01:41:32
# local_time=2010-07-27 02:41:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 12696978 117764589 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=401075
# found=0
# cleaned=0
# scan_time=6231

ken545
2010-07-27, 19:58
It may be just a leftover entry, nothing to worry about, ESET came back clean so I think you're good to go.

How are things running now?

bushmeister69
2010-07-27, 20:05
We're still not having any luck starting up in Normal Mode. Would there have been any damage done to the graphic card? When it was starting up before we would get yellow vertical stripes across the screen and sometimes they'd be blue. Then after a random amount of time the PC would just freeze and we'd have to switch it off by holding the button on the front of the tower down for 6 or more seconds.

ken545
2010-07-27, 20:13
Wow, that sure sounds like it. One of my laptops a few months ago had the video card overheat with me realizing it, after start up I would get funny colors and wavy lines.

Since we just do Malware Removal in this forum, why don't you post at our sister site and let them help you with that. Like Safer it's free but you will need to register.

http://forums.whatthetech.com/index.php?showforum=126

Good Luck,

Ken

bushmeister69
2010-07-27, 21:49
Thanks ever so much for all the time and effort you've put into trying to help with our issue. Have just tried again to start in Normal Mode again and the PC's own startup repair kicks in, asking to try using the restore point but even this is not working, can still only use safe mode. Will try giving your sister site a bash as need to do something!!! At least we now know it'll be safe to back up any files now, and not drag anything unwanted with them.

Many, many thanks again for all your help

Jon

ken545
2010-07-28, 01:25
That's definitely a hardware problem, could be anything, video card, bad motherboard. Post at WTT and give them a detailed explanation of what you're experiencing.

Ken