PDA

View Full Version : cannot install or use safe mode & blocked from security sites



Baydon
2012-06-12, 14:04
Hello,

I'm a new member so sorry if I ask silly questions.

I recently bought bitdefender, uninstalled anitvirus software to install it and found I could not.. then found I could not access some sites I tried when looking for a solution like bleeping computer. I was surprised I had access to this one! I have run malwarebytes(had to change the file name to install!), superanitspyware, trojan remover and rkill in an attempt to move this virus but no luck. From reading your faq I see I may have done more damage :oops:

I have downloaded and installed erunt but cannot get DDS Log as it comes from bleeping computer...

Hope you can help me.

Kind regards
Karl

maxi
2012-06-13, 18:42
Welcome to Safer Networking. I am maxi, and I will be helping you out with your malware problems.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.


Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly

Note:
As I am currently still in training, everything that I post to you must be first checked by my teacher. This may add a tiny delay between replies so please be patient :)

I need more information before I begin assisting you:
What version of Windows are you using ? Is it 32 or 64 bit ?
Did you manage to back up your registry with Erunt ?
If you are running Teatimer, Have you disabled it ?

Regards maxi :)

Baydon
2012-06-14, 15:14
Hi!

Thanks for reply, I have no problem following your instructions.

I have windows XP 32bit

I have backed up my reg with Erunt

I don't have Teatimer(whats that?)

I am going to download DSS log on another comp and use a flash pen to move it to this one if you are ok with that?

Regards
Karl

maxi
2012-06-14, 16:04
Hi Baydon,

I am going to download DSS log on another comp and use a flash pen to move it to this one if you are ok with that?

Maybe just hold off on that while I confer with my teacher. Good idea though :)

I'll be back as soon as I can.

Regards maxi

maxi
2012-06-14, 18:25
Hi Baydon,

You can try to download these tools on the infected computer but If your having trouble you can use the other computer and the pen drive. (Just remember to save the programs to your Desktop)

Step 1
Back up your registry again using Erunt.

Step 2
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Step 3
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Double click aswMBR.exe to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR(master boot record), do not delete it..
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.

In your next reply please include:
Both logs created by OTL.
The log created by aswMBR.
Any problems you had with my instructions.

Regards maxi :)

Baydon
2012-06-15, 18:45
Hi,

I will post all the logs tomorrow due to work commitments.

I really appreciate all your help so far.

Regards
Karl

maxi
2012-06-16, 14:58
No problem :)

Baydon
2012-06-17, 13:34
Hi,

OTL logs...

OTL logfile created on: 17/06/2012 10:23:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.58% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 77.33 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 45.23 Gb Free Space | 46.31% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/21 21:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/27 10:05:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) -- F:\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/25 18:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- E:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 10:02:36 | 000,065,024 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/17 10:02:36 | 000,052,736 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/09 00:50:35 | 000,117,760 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/09 00:50:35 | 000,052,224 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/27 10:05:00 | 001,952,696 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/10 05:10:00 | 001,568,576 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2011/12/02 13:24:04 | 008,527,008 | ---- | M] () -- E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 22:10:36 | 000,096,112 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2009/01/15 09:19:00 | 000,466,944 | ---- | M] () -- E:\WINDOWS\system32\nvshell.dll
MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 23:14:06 | 000,023,552 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/27 10:05:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- E:\DOCUME~1\karl\LOCALS~1\Temp\glwsanaj.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\avckf.sys -- (avckf)
DRV - File not found [File_System | Unavailable | Unknown] -- system32\DRIVERS\avc3.sys -- (avc3)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/06/09 01:40:19 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/06 11:29:46 | 000,238,664 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/02/14 02:04:48 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010/05/12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/23 13:05:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/26 23:59:33 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/01/18 15:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2007/08/07 10:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/13 16:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2005/08/10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003/02/12 12:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 11:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/06 00:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor)
DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.1
FF - prefs.js..extensions.enabledItems: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}:1.6.0
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.0.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/04/27 10:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/11/26 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: E:\Program Files\PriceGong\2.1.0\FF

[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions
[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/05/06 09:48:19 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions
[2010/07/18 22:08:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/28 20:55:10 | 000,000,000 | ---D | M] (Orbit Yellow 2006) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{71073f20-deb8-11da-95c9-00e08161165f}
[2008/08/27 23:01:25 | 000,000,000 | ---D | M] (Abstract Zune) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2010/06/26 23:03:06 | 000,000,000 | ---D | M] (MozXP) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}
[2009/01/22 17:16:35 | 000,000,000 | ---D | M] ("Forecastfox l10n") -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
[2009/02/07 12:55:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/06/26 23:07:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/10 12:46:14 | 000,000,000 | ---D | M] (British English Dictionary) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/10/27 22:35:40 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\facepad@lazyrussian.com
[2010/09/02 22:19:58 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2012/03/20 00:02:28 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/11/24 15:34:06 | 000,042,737 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2011/05/10 12:46:14 | 000,060,249 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
[2012/02/19 22:48:23 | 000,246,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/02/28 16:09:44 | 000,094,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012/04/27 10:05:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/10 23:36:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/27 10:04:58 | 000,001,525 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/27 10:04:58 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/27 10:04:58 | 000,000,935 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/27 10:04:58 | 000,001,166 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/27 10:04:58 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/27 10:04:58 | 000,001,121 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/02/12 16:56:59 | 000,000,698 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Lycosa] E:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Philips Device Listener] E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] E:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [Akamai NetSession Interface] E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [HP Photosmart 5510 series (NET)] E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = E:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204058397140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CE5140-596A-45AF-8805-CA7DF2FA4B8D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{bb9b3fdc-1123-11e0-8252-000ee75003aa}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 07:39:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/15 07:38:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Desktop\15-06-2012
[2012/06/12 11:33:19 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/09 10:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/09 10:09:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Simply Super Software
[2012/06/09 10:08:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2012/06/09 10:08:29 | 000,598,528 | ---- | C] (Igor Pavlov) -- E:\WINDOWS\System32\ztv7z.dll
[2012/06/09 10:08:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ztvcabinet.dll
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Program Files\Trojan Remover
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Simply Super Software
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/06/09 00:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2012/06/08 23:55:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012/06/08 23:55:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 00:06:38 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/06/07 02:08:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/06/07 02:07:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Bitdefender
[2012/06/07 01:12:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/06/07 00:40:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/07 00:01:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\QuickScan
[2012/06/06 23:33:34 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\SWF Studio
[2012/06/05 09:43:00 | 000,000,000 | ---D | C] -- E:\Program Files\Dropbox
[2012/06/05 00:21:38 | 000,000,000 | -HSD | C] -- E:\Diskeeper
[2012/06/03 00:02:07 | 000,038,608 | ---- | C] (Diskeeper Corporation) -- E:\WINDOWS\System32\drivers\DKRtWrt.sys
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Diskeeper Corporation
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Corporation
[2012/06/03 00:02:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2012/06/03 00:01:59 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Home Server
[2012/05/25 09:53:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Warzone 2100 2.3
[2012/05/25 09:51:56 | 000,444,952 | ---- | C] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:56 | 000,000,000 | ---D | C] -- E:\Program Files\OpenAL
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 10:03:00 | 000,444,506 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2012/06/17 10:03:00 | 000,072,914 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2012/06/17 10:01:00 | 000,000,330 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/06/17 09:55:58 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012/06/17 09:55:56 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/12 11:33:03 | 000,000,767 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/09 01:40:19 | 000,032,072 | ---- | M] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/09 01:04:10 | 001,012,656 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:28:57 | 000,143,254 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:56:38 | 000,057,606 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:56:38 | 000,023,744 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:56:38 | 000,008,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:56:38 | 000,001,766 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | M] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:54:10 | 000,024,578 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:54:10 | 000,017,885 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:54:10 | 000,007,727 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:54:10 | 000,005,399 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/06 23:26:01 | 000,000,121 | ---- | M] () -- E:\WINDOWS\bdagent.INI
[2012/06/06 06:19:57 | 000,081,984 | ---- | M] () -- E:\WINDOWS\System32\bdod.bin
[2012/06/05 09:43:05 | 000,001,021 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/05 09:42:53 | 000,001,003 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\Dropbox.lnk
[2012/06/04 23:18:15 | 000,001,355 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012/06/02 19:30:37 | 000,093,696 | ---- | M] () -- E:\Documents and Settings\karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/25 09:51:56 | 000,444,952 | ---- | M] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:55 | 000,000,605 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:40 | 000,000,032 | ---- | M] () -- E:\WINDOWS\CD_Start.INI
[2012/05/24 08:56:54 | 000,212,880 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/12 14:55:52 | 000,002,185 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Stop StartupMonitor.lnk
[2012/06/12 11:33:03 | 000,000,767 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/12 11:18:49 | 000,001,687 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/06/12 11:18:49 | 000,001,657 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
[2012/06/12 11:18:49 | 000,001,021 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/09 10:08:29 | 000,178,176 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar39.dll
[2012/06/09 10:08:29 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar36.dll
[2012/06/09 10:08:29 | 000,153,088 | ---- | C] () -- E:\WINDOWS\System32\UNRAR3.dll
[2012/06/09 10:08:29 | 000,077,312 | ---- | C] () -- E:\WINDOWS\System32\ztvunace26.dll
[2012/06/09 10:08:29 | 000,075,264 | ---- | C] () -- E:\WINDOWS\System32\unacev2.dll
[2012/06/09 01:35:17 | 001,012,656 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:57:03 | 000,032,072 | ---- | C] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/08 23:28:57 | 000,143,254 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:36:32 | 000,057,606 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:36:31 | 000,008,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:36:31 | 000,001,766 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,023,744 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | C] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:21:30 | 000,017,885 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:21:28 | 000,007,727 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:21:27 | 000,024,578 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:21:27 | 000,005,399 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/05/25 09:51:55 | 000,000,605 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:39 | 000,000,032 | ---- | C] () -- E:\WINDOWS\CD_Start.INI
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/24 16:48:10 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
[2012/02/24 16:47:46 | 002,783,770 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
[2012/02/17 00:41:36 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2012/01/27 15:35:21 | 000,000,057 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/05/11 19:18:44 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
[2011/05/11 19:18:44 | 000,002,413 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini
[2011/05/08 21:53:13 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2010/10/11 23:17:21 | 000,000,760 | ---- | C] () -- E:\Documents and Settings\karl\Application Data\setup_ldm.iss

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


and.......

Baydon
2012-06-17, 13:36
OTL Extras logfile created on: 17/06/2012 10:23:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.58% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 77.33 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 45.23 Gb Free Space | 46.31% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58116:TCP" = 58116:TCP:*:Enabled:Pando Media Booster
"58116:UDP" = 58116:UDP:*:Enabled:Pando Media Booster
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58116:TCP" = 58116:TCP:*:Enabled:Pando Media Booster
"58116:UDP" = 58116:UDP:*:Enabled:Pando Media Booster
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster
"1109:TCP" = 1109:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Games\Chaos Gate\WH40K.exe" = E:\Program Files\Games\Chaos Gate\WH40K.exe:*:Disabled:WH40K
"E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program Files\Ventrilo\Ventrilo.exe" = E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"E:\Program Files\Games\neverwinter nights 2\nwn2main.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"E:\Program Files\Games\neverwinter nights 2\nwupdate.exe" = E:\Program Files\Games\neverwinter nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"E:\Program Files\Games\neverwinter nights 2\nwn2server.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"H:\AnarchyOnline_18.1.1-Small.exe" = H:\AnarchyOnline_18.1.1-Small.exe:*:Enabled:Anarchy Online
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe" = E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe" = E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe:*:Enabled:Star Trek Online -- ()
"E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe" = E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe:*:Enabled:Magic: The Gathering – Tactics -- ()
"E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe" = E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe:*:Enabled:Legend of Grimrock -- ()
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"E:\WINDOWS\system32\mmc.exe" = E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F8BF571-2F67-4D9C-A844-F5B202A7357F}" = Diskeeper 2011 Professional
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFF408-F4FB-4F71-B9A3-C6A1096802BF}" = HP Photosmart 5510 series Basic Device Software
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™ v03.02.04.8010
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"7-Zip" = 7-Zip 4.65
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anarchy Online_is1" = Anarchy Online
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Full Pack" = Full Pack Codecs
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HarvEX" = HarvEX
"Hero Lab V3.6e" = Hero Lab V3.6e
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = Ahead InCD
"Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
"Legend of Grimrock" = Legend of Grimrock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PDFCanvas V1.5" = PDFCanvas V1.5
"Philips Songbird" = Philips Songbird
"PunkBusterSvc" = PunkBuster Services
"Race for the Galaxy_is1" = Race for the Galaxy 0.6.1
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ST Movie Computer.scr" = ST Movie Computer ScreenSaver
"ST6UNST #1" = Full Thrust Ship Creator
"ST6UNST #2" = Full Thrust Ship Creator (h:\Full Thrust\Ship Creator\)
"Steam App 1250" = Killing Floor
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 207170" = Legend of Grimrock
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 9900" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.3
"U212 Media Kit" = U212 Media Kit
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Warhammer 40,000: Chaos Gate" = Warhammer 40,000: Chaos Gate
"Warzone 2100" = Warzone 2100
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 05/06/2012 14:17:36 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, faulting module
studiorender.dll, version 0.0.0.0, fault address 0x0000c7f3.

Error - 06/06/2012 19:03:31 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: Bitdefender Total Security 2012 -- Error 1704. An installation
for BitDefender GameSafe is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 06/06/2012 20:12:26 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11404
Description = Product: BitDefender GameSafe -- Error 1404. Could not delete key
\SYSTEM\CurrentControlSet\Services\bdfsfltr. System error . Verify that you have
sufficient access to that key, or contact your support personnel.

Error - 06/06/2012 21:05:49 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: BitDefender GameSafe -- Error 1704. An installation for Bitdefender
Total Security 2012 is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 14/06/2012 11:09:55 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 15/06/2012 02:34:44 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%230

Error - 15/06/2012 02:34:47 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 15/06/2012 11:32:14 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%230

Error - 15/06/2012 11:32:14 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 16/06/2012 04:24:31 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MBAMService service to
connect.

Error - 16/06/2012 04:24:31 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%1053

Error - 16/06/2012 04:24:34 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 04:56:11 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 05:01:57 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >


I could not download aswMBR on this comp so I downloaded on my wifes laptop and ported it over on a flash drive, installed it but it did not download the Avast! program...

a line appeared saying "AVAST engine download error: 0"

I ran the scan option anyway nad here is the log...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 11:12:50
-----------------------------
11:12:50.390 OS Version: Windows 5.1.2600 Service Pack 3
11:12:50.390 Number of processors: 2 586 0xF0B
11:12:50.390 ComputerName: CATACOMB UserName: karl
11:12:51.218 Initialize success
11:12:54.156 AVAST engine download error: 0
11:28:42.890 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:28:42.890 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476938MB BusType: 3
11:28:42.890 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:28:42.890 Disk 1 Vendor: WDC_WD2000JD-00HBB0 08.02D08 Size: 190782MB BusType: 3
11:28:42.906 Disk 1 MBR read successfully
11:28:42.906 Disk 1 MBR scan
11:28:42.906 Disk 1 Windows XP default MBR code
11:28:42.906 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190740 MB offset 63
11:28:42.906 Disk 1 scanning sectors +390636540
11:28:42.968 Disk 1 scanning E:\WINDOWS\system32\drivers
11:28:48.562 Service scanning
11:28:55.062 Service sptd E:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:28:56.828 Modules scanning
11:29:16.593 Disk 1 trace - called modules:
11:29:16.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spvs.sys >>UNKNOWN [0x8a9c3938]<<
11:29:16.593 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a980ab8]
11:29:16.593 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a960f18]
11:29:16.593 5 ACPI.sys[b7e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a908d98]
11:29:16.593 \Driver\atapi[0x8a964030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb80c98b4]
11:29:16.593 Scan finished successfully
11:32:37.046 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\karl\Desktop\MBR.dat"
11:32:37.046 The log file has been saved successfully to "E:\Documents and Settings\karl\Desktop\aswMBR.log"


Kind regards
Karl

Baydon
2012-06-17, 13:40
Sorry but I cannot post the other item as when I click on it the msg "unexpected file format" appears..

Regards
Karl

maxi
2012-06-18, 20:26
Hi Baydon,

This is fairly messy and we have alot to to. More than lightly your problems have been caused from P2P filesharing. I am going to ask you to remove the P2P program before we begin and also I will give you some information on some of the other program you have installed.

Remove P2P Programs


I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


µTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=25290&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


Click on Start > All programs > Accessories > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Uninstall the programs listed above (in red) and any other P2P you have installed NOW. Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Pando Media Booster
This program uses bits and pieces of files from different people when it puts together a download.
This amounts to file sharing, and may not be totally safe. The program itself is OK, but it's the sharing that is better avoided. I would recommend you remove it from your computer.



PunkBuster warning

I noticed you have PunkBuster (http://en.wikipedia.org/wiki/PunkBuster) installed... read the "Published features" section.
PunkBuster can take control over various aspects of your computer and some gaming tools not unlike PunkBuster, also hinder their removals.
By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that we do consider it spyware.
We can not clean this computer at all. This ensures PunkBuster will continue to function.
If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

Uninstall PunkBuster
Using the normal uninstall methods... Control Panel - Add/Remove Programs (XP) or Programs and Features (Vista - W7)
Uninstall PunkBuster
PunkBuster Services
Any other Punk Buster entries...

If there are any remnants left... you can use the Punk Buster Uninstall process:
Please download PBSVC Setup Program (http://www.evenbalance.com/downloads/pbsvc/pbsvc.exe). Save it to your desktop.
Double click on pbsvc.exe to start it... then click Uninstall.
Vista/W7 users: right-click on pbsvc.exe, then select "Run As Administrator". If UAC prompts, please allow it.
Once that's finished...
Click Start > Run and copy and paste the following into the open text box:

cmd /c for %i in (A B K) do sc delete PnkBstr%i
Click OK. A black box will flash very briefly, this is normal.
Double click My Computer on your desktop and browse to C:\windows\system32\drivers
Locate the file: PnkBstrK.sys... if found delete it.
Let me know if you performed these steps successfully.


Please run a new scan with OTL when you have done the above.

Regards maxi :)

Baydon
2012-06-19, 14:28
here are the new logs.


OTL logfile created on: 19/06/2012 12:01:16 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.79% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 138.11 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 27.77 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/21 21:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/27 10:05:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) -- F:\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/25 18:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- E:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 11:50:29 | 000,065,024 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/19 11:50:29 | 000,052,736 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/09 00:50:35 | 000,117,760 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/09 00:50:35 | 000,052,224 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/27 10:05:00 | 001,952,696 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/10 05:10:00 | 001,568,576 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2011/03/21 22:10:36 | 000,096,112 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2009/01/15 09:19:00 | 000,466,944 | ---- | M] () -- E:\WINDOWS\system32\nvshell.dll
MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 23:14:06 | 000,023,552 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/27 10:05:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\glwsanaj.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\avckf.sys -- (avckf)
DRV - File not found [File_System | Unavailable | Unknown] -- system32\DRIVERS\avc3.sys -- (avc3)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/06/09 01:40:19 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/06 11:29:46 | 000,238,664 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/02/14 02:04:48 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010/05/12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/23 13:05:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/26 23:59:33 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/01/18 15:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2007/08/07 10:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/13 16:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2005/08/10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003/02/12 12:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 11:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/06 00:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor)
DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.1
FF - prefs.js..extensions.enabledItems: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}:1.6.0
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.0.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/04/27 10:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/11/26 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: E:\Program Files\PriceGong\2.1.0\FF

[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions
[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/05/06 09:48:19 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions
[2010/07/18 22:08:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/28 20:55:10 | 000,000,000 | ---D | M] (Orbit Yellow 2006) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{71073f20-deb8-11da-95c9-00e08161165f}
[2008/08/27 23:01:25 | 000,000,000 | ---D | M] (Abstract Zune) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2010/06/26 23:03:06 | 000,000,000 | ---D | M] (MozXP) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}
[2009/01/22 17:16:35 | 000,000,000 | ---D | M] ("Forecastfox l10n") -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
[2009/02/07 12:55:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/06/26 23:07:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/10 12:46:14 | 000,000,000 | ---D | M] (British English Dictionary) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/10/27 22:35:40 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\facepad@lazyrussian.com
[2010/09/02 22:19:58 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2012/03/20 00:02:28 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/11/24 15:34:06 | 000,042,737 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2011/05/10 12:46:14 | 000,060,249 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
[2012/02/19 22:48:23 | 000,246,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/02/28 16:09:44 | 000,094,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012/04/27 10:05:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/10 23:36:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/27 10:04:58 | 000,001,525 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/27 10:04:58 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/27 10:04:58 | 000,000,935 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/27 10:04:58 | 000,001,166 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/27 10:04:58 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/27 10:04:58 | 000,001,121 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/02/12 16:56:59 | 000,000,698 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Lycosa] E:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Philips Device Listener] E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] E:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [Akamai NetSession Interface] E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [HP Photosmart 5510 series (NET)] E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = E:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204058397140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CE5140-596A-45AF-8805-CA7DF2FA4B8D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{bb9b3fdc-1123-11e0-8252-000ee75003aa}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 10:49:53 | 004,731,392 | ---- | C] (AVAST Software) -- E:\Documents and Settings\karl\Desktop\aswMBR.exe
[2012/06/15 07:39:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/15 07:38:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Desktop\15-06-2012
[2012/06/12 11:33:19 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/09 10:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/09 10:09:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Simply Super Software
[2012/06/09 10:08:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2012/06/09 10:08:29 | 000,598,528 | ---- | C] (Igor Pavlov) -- E:\WINDOWS\System32\ztv7z.dll
[2012/06/09 10:08:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ztvcabinet.dll
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Program Files\Trojan Remover
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Simply Super Software
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/06/09 00:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2012/06/08 23:55:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012/06/08 23:55:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 00:06:38 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/06/07 02:08:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/06/07 02:07:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Bitdefender
[2012/06/07 01:12:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/06/07 00:40:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/07 00:01:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\QuickScan
[2012/06/06 23:33:34 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\SWF Studio
[2012/06/05 09:43:00 | 000,000,000 | ---D | C] -- E:\Program Files\Dropbox
[2012/06/05 00:21:38 | 000,000,000 | -HSD | C] -- E:\Diskeeper
[2012/06/03 00:02:07 | 000,038,608 | ---- | C] (Diskeeper Corporation) -- E:\WINDOWS\System32\drivers\DKRtWrt.sys
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Diskeeper Corporation
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Corporation
[2012/06/03 00:02:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2012/06/03 00:01:59 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Home Server
[2012/05/25 09:53:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Warzone 2100 2.3
[2012/05/25 09:51:56 | 000,444,952 | ---- | C] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:56 | 000,000,000 | ---D | C] -- E:\Program Files\OpenAL
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 12:01:00 | 000,000,330 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/06/19 11:54:06 | 000,444,506 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2012/06/19 11:54:06 | 000,072,914 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2012/06/19 11:49:44 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012/06/19 10:17:38 | 000,095,232 | ---- | M] () -- E:\Documents and Settings\karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/19 10:07:09 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012/06/17 11:32:37 | 000,000,512 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\MBR.dat
[2012/06/17 10:50:48 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\karl\Desktop\aswMBR.exe
[2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/12 11:33:03 | 000,000,767 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/09 01:40:19 | 000,032,072 | ---- | M] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/09 01:04:10 | 001,012,656 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:28:57 | 000,143,254 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:56:38 | 000,057,606 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:56:38 | 000,023,744 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:56:38 | 000,008,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:56:38 | 000,001,766 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | M] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:54:10 | 000,024,578 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:54:10 | 000,017,885 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:54:10 | 000,007,727 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:54:10 | 000,005,399 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/06 23:26:01 | 000,000,121 | ---- | M] () -- E:\WINDOWS\bdagent.INI
[2012/06/06 06:19:57 | 000,081,984 | ---- | M] () -- E:\WINDOWS\System32\bdod.bin
[2012/06/05 09:43:05 | 000,001,021 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/05 09:42:53 | 000,001,003 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\Dropbox.lnk
[2012/06/04 23:18:15 | 000,001,355 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/25 09:51:56 | 000,444,952 | ---- | M] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:55 | 000,000,605 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:40 | 000,000,032 | ---- | M] () -- E:\WINDOWS\CD_Start.INI
[2012/05/24 08:56:54 | 000,212,880 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 11:32:37 | 000,000,512 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\MBR.dat
[2012/06/12 14:55:52 | 000,002,185 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Stop StartupMonitor.lnk
[2012/06/12 11:33:03 | 000,000,767 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/12 11:18:49 | 000,001,687 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/06/12 11:18:49 | 000,001,657 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
[2012/06/12 11:18:49 | 000,001,021 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/09 10:08:29 | 000,178,176 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar39.dll
[2012/06/09 10:08:29 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar36.dll
[2012/06/09 10:08:29 | 000,153,088 | ---- | C] () -- E:\WINDOWS\System32\UNRAR3.dll
[2012/06/09 10:08:29 | 000,077,312 | ---- | C] () -- E:\WINDOWS\System32\ztvunace26.dll
[2012/06/09 10:08:29 | 000,075,264 | ---- | C] () -- E:\WINDOWS\System32\unacev2.dll
[2012/06/09 01:35:17 | 001,012,656 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:57:03 | 000,032,072 | ---- | C] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/08 23:28:57 | 000,143,254 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:36:32 | 000,057,606 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:36:31 | 000,008,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:36:31 | 000,001,766 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,023,744 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | C] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:21:30 | 000,017,885 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:21:28 | 000,007,727 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:21:27 | 000,024,578 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:21:27 | 000,005,399 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/05/25 09:51:55 | 000,000,605 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:39 | 000,000,032 | ---- | C] () -- E:\WINDOWS\CD_Start.INI
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/24 16:48:10 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
[2012/02/24 16:47:46 | 002,783,770 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
[2012/02/17 00:41:36 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2012/01/27 15:35:21 | 000,000,057 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/05/11 19:18:44 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
[2011/05/11 19:18:44 | 000,002,413 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini
[2011/05/08 21:53:13 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2010/10/11 23:17:21 | 000,000,760 | ---- | C] () -- E:\Documents and Settings\karl\Application Data\setup_ldm.iss

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

Baydon
2012-06-19, 14:29
and...



OTL Extras logfile created on: 19/06/2012 12:01:16 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.79% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 138.11 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 27.77 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster
"1042:TCP" = 1042:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"E:\Program Files\Games\Chaos Gate\WH40K.exe" = E:\Program Files\Games\Chaos Gate\WH40K.exe:*:Disabled:WH40K
"E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program Files\Ventrilo\Ventrilo.exe" = E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"E:\Program Files\Games\neverwinter nights 2\nwn2main.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"E:\Program Files\Games\neverwinter nights 2\nwupdate.exe" = E:\Program Files\Games\neverwinter nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"E:\Program Files\Games\neverwinter nights 2\nwn2server.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"H:\AnarchyOnline_18.1.1-Small.exe" = H:\AnarchyOnline_18.1.1-Small.exe:*:Enabled:Anarchy Online
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe" = E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe" = E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe:*:Enabled:Star Trek Online -- ()
"E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe" = E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe:*:Enabled:Magic: The Gathering – Tactics -- ()
"E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe" = E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe:*:Enabled:Legend of Grimrock -- ()
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"E:\WINDOWS\system32\mmc.exe" = E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F8BF571-2F67-4D9C-A844-F5B202A7357F}" = Diskeeper 2011 Professional
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFF408-F4FB-4F71-B9A3-C6A1096802BF}" = HP Photosmart 5510 series Basic Device Software
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™ v03.02.04.8010
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"7-Zip" = 7-Zip 4.65
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anarchy Online_is1" = Anarchy Online
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Full Pack" = Full Pack Codecs
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HarvEX" = HarvEX
"Hero Lab V3.6e" = Hero Lab V3.6e
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = Ahead InCD
"Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
"Legend of Grimrock" = Legend of Grimrock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PDFCanvas V1.5" = PDFCanvas V1.5
"Philips Songbird" = Philips Songbird
"Race for the Galaxy_is1" = Race for the Galaxy 0.6.1
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ST Movie Computer.scr" = ST Movie Computer ScreenSaver
"ST6UNST #1" = Full Thrust Ship Creator
"ST6UNST #2" = Full Thrust Ship Creator (h:\Full Thrust\Ship Creator\)
"Steam App 1250" = Killing Floor
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 207170" = Legend of Grimrock
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 9900" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.3
"U212 Media Kit" = U212 Media Kit
"VLC media player" = VLC media player 1.1.11
"Warhammer 40,000: Chaos Gate" = Warhammer 40,000: Chaos Gate
"Warzone 2100" = Warzone 2100
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 05/06/2012 14:17:36 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, faulting module
studiorender.dll, version 0.0.0.0, fault address 0x0000c7f3.

Error - 06/06/2012 19:03:31 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: Bitdefender Total Security 2012 -- Error 1704. An installation
for BitDefender GameSafe is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 06/06/2012 20:12:26 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11404
Description = Product: BitDefender GameSafe -- Error 1404. Could not delete key
\SYSTEM\CurrentControlSet\Services\bdfsfltr. System error . Verify that you have
sufficient access to that key, or contact your support personnel.

Error - 06/06/2012 21:05:49 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: BitDefender GameSafe -- Error 1704. An installation for Bitdefender
Total Security 2012 is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 19/06/2012 05:42:35 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
Description = Faulting application uninst.exe, version 3.3.6.1, faulting module
uninst.exe, version 3.3.6.1, fault address 0x000137ec.

[ System Events ]
Error - 16/06/2012 04:24:34 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 04:56:11 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 05:01:57 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 19/06/2012 05:07:23 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 19/06/2012 05:08:04 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 19/06/2012 06:13:22 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 19/06/2012 06:37:49 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 19/06/2012 06:40:38 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 19/06/2012 06:50:09 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 19/06/2012 06:50:09 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >


Also when I start up the comp sometimes there is no start/taskbar and I have to use the reset button - this almost always happens if I dont choose a user straight away.

when I uninstalled punkbuster it asked for a restart, when I restarted windows explorer auto opened and hung....

Regards
Karl

maxi
2012-06-19, 20:33
Hi Karl, It is very important that we get an Anti-virus program on the computer now. I am going to give you one to try to install now but you can replace it with Bitdefender if you wish, when we are done.

Download this to your Desktop but do NOT install it yet.

avast! 6 Home Edition (http://www.avast.com/index) -


Back up your registry again like you did before using Erunt.

Run OTL Script

We need to run an OTL Fix


Double-click OTL.exe to start the program.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code



:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
@Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9)

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WINDOWS\system32\PnkBstrA.exe" =-
"E:\WINDOWS\system32\PnkBstrB.exe" =-
"C:\Program Files\uTorrent\uTorrent.exe" =-
"E:\Program Files\DNA\btdna.exe" =-

:files
ipconfig /flushdns /c

:commands
[emptytemp]
[resethosts]
[createrestorepoint]

Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Now try and Install Avast! Anti-virus program. If it installs, Update it and run a full scan and report back in you next reply if it finds anything. Do not let it remove anything at this point but note down any files and file paths that are found.

Regards maxi :)

Baydon
2012-06-22, 13:25
When i click on the link for avast! 6 i get a cannot connect screen, can i download on my wifes laptop and use a flash pen to prt it over?

Regards
Karl

maxi
2012-06-22, 15:02
Yes you can try that :)

Baydon
2012-06-23, 18:48
OTL log....

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
E:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\YwvLwqew deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe deleted successfully.
Unable to delete ADS E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9) .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\WINDOWS\system32\PnkBstrA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\WINDOWS\system32\PnkBstrB.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\DNA\btdna.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\Documents and Settings\karl\Desktop\cmd.bat deleted successfully.
E:\Documents and Settings\karl\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: karl
->Temp folder emptied: 1538016358 bytes
->Temporary Internet Files folder emptied: 2422299524 bytes
->Java cache emptied: 8589902 bytes
->FireFox cache emptied: 53541610 bytes
->Flash cache emptied: 167453 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34060 bytes

User: Lyn Patricia
->Temp folder emptied: 2041265 bytes
->Temporary Internet Files folder emptied: 1217195 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73688792 bytes
->Flash cache emptied: 57602 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 66639806 bytes
%systemroot%\System32 .tmp files removed: 160290513 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48707344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 202013814 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 74070 bytes
RecycleBin emptied: 3658812305 bytes

Total Files Cleaned = 7,855.00 mb

E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06232012_163435

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


and.......

Baydon
2012-06-24, 04:19
I cant paste the log from avast but ther are a load that say "threat:win32:malware-gen"

Regards
Karl

maxi
2012-06-24, 19:24
Hi Baydon :) Now that you have an AV we can continue. Was Avast giving you file names and file paths ?

Step 1
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2
TDSSKiller

Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double click on TDSSKiller.exe to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT

Step 3
Upload File/Files for testing

Please go to Virustotal (http://www.virustotal.com/) or jotti.org (http://virusscan.jotti.org/en)

Copy/paste this file and path into the white box at the top:

E:\Documents and Settings\karl\Desktop\r.exe
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
http://img263.imageshack.us/img263/38/61446739.jpg

In your next reply please include:
The log from TDSSKiller.
The link to VirusTotal.
The answer to my question.
Any problem you had with my instructions.

Regards maxi :)

Baydon
2012-06-24, 23:53
TDSSKILLER report...

21:39:36.0765 2672 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:39:36.0890 2672 ============================================================
21:39:36.0890 2672 Current date / time: 2012/06/24 21:39:36.0890
21:39:36.0890 2672 SystemInfo:
21:39:36.0890 2672
21:39:36.0890 2672 OS Version: 5.1.2600 ServicePack: 3.0
21:39:36.0890 2672 Product type: Workstation
21:39:36.0890 2672 ComputerName: CATACOMB
21:39:36.0890 2672 UserName: karl
21:39:36.0890 2672 Windows directory: E:\WINDOWS
21:39:36.0890 2672 System windows directory: E:\WINDOWS
21:39:36.0890 2672 Processor architecture: Intel x86
21:39:36.0890 2672 Number of processors: 2
21:39:36.0890 2672 Page size: 0x1000
21:39:36.0890 2672 Boot type: Normal boot
21:39:36.0890 2672 ============================================================
21:39:37.0968 2672 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:39:37.0984 2672 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:39:38.0000 2672 ============================================================
21:39:38.0000 2672 \Device\Harddisk0\DR0:
21:39:38.0000 2672 MBR partitions:
21:39:38.0000 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E031A75
21:39:38.0031 2672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2E031AF3, BlocksNum 0xC34F28D
21:39:38.0031 2672 \Device\Harddisk1\DR1:
21:39:38.0031 2672 MBR partitions:
21:39:38.0031 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1748A3BD
21:39:38.0031 2672 ============================================================
21:39:38.0062 2672 C: <-> \Device\Harddisk1\DR1\Partition0
21:39:38.0093 2672 E: <-> \Device\Harddisk0\DR0\Partition0
21:39:38.0109 2672 F: <-> \Device\Harddisk0\DR0\Partition1
21:39:38.0484 2672 ============================================================
21:39:38.0484 2672 Initialize success
21:39:38.0484 2672 ============================================================
21:40:05.0890 0304 ============================================================
21:40:05.0890 0304 Scan started
21:40:05.0890 0304 Mode: Manual;
21:40:05.0890 0304 ============================================================
21:40:06.0328 0304 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:40:06.0328 0304 !SASCORE - ok
21:40:06.0453 0304 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) E:\WINDOWS\system32\drivers\Aavmker4.sys
21:40:06.0468 0304 Aavmker4 - ok
21:40:06.0468 0304 Abiosdsk - ok
21:40:06.0468 0304 abp480n5 - ok
21:40:06.0515 0304 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
21:40:06.0515 0304 ACPI - ok
21:40:06.0546 0304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
21:40:06.0562 0304 ACPIEC - ok
21:40:06.0562 0304 adpu160m - ok
21:40:06.0593 0304 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
21:40:06.0593 0304 aec - ok
21:40:06.0640 0304 AFD (1e44bc1e83d8fd2305f8d452db109cf9) E:\WINDOWS\System32\drivers\afd.sys
21:40:06.0640 0304 AFD - ok
21:40:06.0640 0304 Aha154x - ok
21:40:06.0656 0304 aic78u2 - ok
21:40:06.0656 0304 aic78xx - ok
21:40:06.0687 0304 Alerter (a9a3daa780ca6c9671a19d52456705b4) E:\WINDOWS\system32\alrsvc.dll
21:40:06.0703 0304 Alerter - ok
21:40:06.0734 0304 ALG (8c515081584a38aa007909cd02020b3d) E:\WINDOWS\System32\alg.exe
21:40:06.0734 0304 ALG - ok
21:40:06.0734 0304 AliIde - ok
21:40:06.0906 0304 ALSysIO - ok
21:40:06.0906 0304 amsint - ok
21:40:06.0906 0304 AppMgmt - ok
21:40:06.0906 0304 asc - ok
21:40:06.0906 0304 asc3350p - ok
21:40:06.0921 0304 asc3550 - ok
21:40:07.0046 0304 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:40:07.0046 0304 aspnet_state - ok
21:40:07.0093 0304 aswFsBlk (0ae43c6c411254049279c2ee55630f95) E:\WINDOWS\system32\drivers\aswFsBlk.sys
21:40:07.0093 0304 aswFsBlk - ok
21:40:07.0109 0304 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) E:\WINDOWS\system32\drivers\aswMon2.sys
21:40:07.0109 0304 aswMon2 - ok
21:40:07.0125 0304 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) E:\WINDOWS\system32\drivers\AswRdr.sys
21:40:07.0125 0304 AswRdr - ok
21:40:07.0156 0304 aswSnx (dcb199b967375753b5019ec15f008f53) E:\WINDOWS\system32\drivers\aswSnx.sys
21:40:07.0171 0304 aswSnx - ok
21:40:07.0203 0304 aswSP (b32873e5a1443c0a1e322266e203bf10) E:\WINDOWS\system32\drivers\aswSP.sys
21:40:07.0203 0304 aswSP - ok
21:40:07.0203 0304 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) E:\WINDOWS\system32\drivers\aswTdi.sys
21:40:07.0203 0304 aswTdi - ok
21:40:07.0234 0304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:40:07.0234 0304 AsyncMac - ok
21:40:07.0250 0304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
21:40:07.0265 0304 atapi - ok
21:40:07.0265 0304 Atdisk - ok
21:40:07.0281 0304 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:40:07.0281 0304 Atmarpc - ok
21:40:07.0328 0304 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) E:\WINDOWS\System32\audiosrv.dll
21:40:07.0328 0304 AudioSrv - ok
21:40:07.0390 0304 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
21:40:07.0390 0304 audstub - ok
21:40:07.0484 0304 avast! Antivirus (4041d31508a2a084dfb42c595854090f) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:40:07.0484 0304 avast! Antivirus - ok
21:40:07.0484 0304 avc3 - ok
21:40:07.0531 0304 avchv (e830674bbba9ed0ae0ed3cab10e25a9e) E:\WINDOWS\system32\DRIVERS\avchv.sys
21:40:07.0531 0304 avchv - ok
21:40:07.0546 0304 avckf - ok
21:40:07.0546 0304 BDVEDISK - ok
21:40:07.0578 0304 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
21:40:07.0578 0304 Beep - ok
21:40:07.0609 0304 BITS (574738f61fca2935f5265dc4e5691314) E:\WINDOWS\system32\qmgr.dll
21:40:07.0765 0304 BITS - ok
21:40:07.0796 0304 Browser (a06ce3399d16db864f55faeb1f1927a9) E:\WINDOWS\System32\browser.dll
21:40:07.0796 0304 Browser - ok
21:40:07.0843 0304 BsStor (d6d0f3860f022a12e888965f8237cbd9) E:\WINDOWS\system32\DRIVERS\bsstor.sys
21:40:07.0843 0304 BsStor - ok
21:40:07.0859 0304 BsUDF (86e65e36995ed2c6d0646186d51b7f6a) E:\WINDOWS\system32\drivers\BsUDF.sys
21:40:07.0859 0304 BsUDF - ok
21:40:07.0906 0304 BthEnum (b279426e3c0c344893ed78a613a73bde) E:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:40:07.0906 0304 BthEnum - ok
21:40:07.0921 0304 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) E:\WINDOWS\system32\DRIVERS\bthmodem.sys
21:40:07.0921 0304 BTHMODEM - ok
21:40:07.0921 0304 BthPan (80602b8746d3738f5886ce3d67ef06b6) E:\WINDOWS\system32\DRIVERS\bthpan.sys
21:40:07.0921 0304 BthPan - ok
21:40:07.0984 0304 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) E:\WINDOWS\system32\Drivers\BTHport.sys
21:40:08.0000 0304 BTHPORT - ok
21:40:08.0062 0304 BthServ (f4c43c66471b87996d95db7a3a664a37) E:\WINDOWS\System32\bthserv.dll
21:40:08.0062 0304 BthServ - ok
21:40:08.0062 0304 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) E:\WINDOWS\system32\Drivers\BTHUSB.sys
21:40:08.0062 0304 BTHUSB - ok
21:40:08.0093 0304 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) E:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:40:08.0093 0304 BVRPMPR5 - ok
21:40:08.0109 0304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
21:40:08.0109 0304 cbidf2k - ok
21:40:08.0125 0304 cd20xrnt - ok
21:40:08.0156 0304 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
21:40:08.0156 0304 Cdaudio - ok
21:40:08.0187 0304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
21:40:08.0187 0304 Cdfs - ok
21:40:08.0218 0304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
21:40:08.0218 0304 Cdrom - ok
21:40:08.0218 0304 Changer - ok
21:40:08.0250 0304 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) E:\WINDOWS\system32\cisvc.exe
21:40:08.0250 0304 CiSvc - ok
21:40:08.0265 0304 ClipSrv (34cbe729f38138217f9c80212a2a0c82) E:\WINDOWS\system32\clipsrv.exe
21:40:08.0265 0304 ClipSrv - ok
21:40:08.0453 0304 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) e:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:08.0453 0304 clr_optimization_v2.0.50727_32 - ok
21:40:08.0453 0304 CmdIde - ok
21:40:08.0468 0304 COMSysApp - ok
21:40:08.0468 0304 Cpqarray - ok
21:40:08.0484 0304 CryptSvc (3d4e199942e29207970e04315d02ad3b) E:\WINDOWS\System32\cryptsvc.dll
21:40:08.0484 0304 CryptSvc - ok
21:40:08.0484 0304 dac2w2k - ok
21:40:08.0484 0304 dac960nt - ok
21:40:08.0546 0304 DcomLaunch (6b27a5c03dfb94b4245739065431322c) E:\WINDOWS\system32\rpcss.dll
21:40:08.0546 0304 DcomLaunch - ok
21:40:08.0562 0304 Dhcp (5e38d7684a49cacfb752b046357e0589) E:\WINDOWS\System32\dhcpcsvc.dll
21:40:08.0562 0304 Dhcp - ok
21:40:08.0578 0304 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
21:40:08.0578 0304 Disk - ok
21:40:08.0703 0304 Diskeeper (ea63926076d255a449060e406aca59f7) F:\Diskeeper Corporation\Diskeeper\DkService.exe
21:40:08.0734 0304 Diskeeper - ok
21:40:08.0750 0304 DKRtWrt (23285d9144c76bee6fef8e4b8d2fd3c4) E:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
21:40:08.0750 0304 DKRtWrt - ok
21:40:08.0750 0304 dmadmin - ok
21:40:08.0812 0304 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
21:40:08.0828 0304 dmboot - ok
21:40:08.0843 0304 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
21:40:08.0843 0304 dmio - ok
21:40:08.0875 0304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
21:40:08.0875 0304 dmload - ok
21:40:08.0906 0304 dmserver (57edec2e5f59f0335e92f35184bc8631) E:\WINDOWS\System32\dmserver.dll
21:40:08.0906 0304 dmserver - ok
21:40:08.0921 0304 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
21:40:08.0937 0304 DMusic - ok
21:40:08.0968 0304 Dnscache (5f7e24fa9eab896051ffb87f840730d2) E:\WINDOWS\System32\dnsrslvr.dll
21:40:08.0968 0304 Dnscache - ok
21:40:09.0015 0304 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) E:\WINDOWS\System32\dot3svc.dll
21:40:09.0015 0304 Dot3svc - ok
21:40:09.0015 0304 dpti2o - ok
21:40:09.0015 0304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
21:40:09.0015 0304 drmkaud - ok
21:40:09.0046 0304 EapHost (2187855a7703adef0cef9ee4285182cc) E:\WINDOWS\System32\eapsvc.dll
21:40:09.0046 0304 EapHost - ok
21:40:09.0062 0304 ERSvc (bc93b4a066477954555966d77fec9ecb) E:\WINDOWS\System32\ersvc.dll
21:40:09.0062 0304 ERSvc - ok
21:40:09.0093 0304 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) E:\WINDOWS\system32\drivers\es1371mp.sys
21:40:09.0093 0304 es1371 - ok
21:40:09.0140 0304 Eventlog (65df52f5b8b6e9bbd183505225c37315) E:\WINDOWS\system32\services.exe
21:40:09.0171 0304 Eventlog - ok
21:40:09.0218 0304 EventSystem (d4991d98f2db73c60d042f1aef79efae) E:\WINDOWS\System32\es.dll
21:40:09.0234 0304 EventSystem - ok
21:40:09.0250 0304 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
21:40:09.0250 0304 Fastfat - ok
21:40:09.0296 0304 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
21:40:09.0296 0304 FastUserSwitchingCompatibility - ok
21:40:09.0312 0304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys
21:40:09.0312 0304 Fdc - ok
21:40:09.0328 0304 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
21:40:09.0328 0304 Fips - ok
21:40:09.0359 0304 FlashUSB (5575ee5823de1558f8486eb4e33ffa99) E:\WINDOWS\system32\DRIVERS\FlashUSB.sys
21:40:09.0359 0304 FlashUSB - ok
21:40:09.0375 0304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys
21:40:09.0375 0304 Flpydisk - ok
21:40:09.0390 0304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
21:40:09.0390 0304 FltMgr - ok
21:40:09.0531 0304 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:40:09.0531 0304 FontCache3.0.0.0 - ok
21:40:09.0546 0304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
21:40:09.0562 0304 Fs_Rec - ok
21:40:09.0562 0304 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:40:09.0562 0304 Ftdisk - ok
21:40:09.0562 0304 gameenum (065639773d8b03f33577f6cdaea21063) E:\WINDOWS\system32\DRIVERS\gameenum.sys
21:40:09.0578 0304 gameenum - ok
21:40:09.0593 0304 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) E:\WINDOWS\system32\DRIVERS\GcKernel.sys
21:40:09.0593 0304 GcKernel - ok
21:40:09.0609 0304 gdrv (54789f9ba0d59072cdd4e7c200e122c4) E:\WINDOWS\gdrv.sys
21:40:12.0140 0304 gdrv - ok
21:40:12.0203 0304 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) E:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:40:12.0203 0304 GEARAspiWDM - ok
21:40:12.0328 0304 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) E:\Program Files\NOS\bin\getPlus_Helper.dll
21:40:12.0343 0304 getPlusHelper - ok
21:40:12.0375 0304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
21:40:12.0375 0304 Gpc - ok
21:40:12.0437 0304 gupdate (f02a533f517eb38333cb12a9e8963773) E:\Program Files\Google\Update\GoogleUpdate.exe
21:40:12.0437 0304 gupdate - ok
21:40:12.0437 0304 gupdatem (f02a533f517eb38333cb12a9e8963773) E:\Program Files\Google\Update\GoogleUpdate.exe
21:40:12.0437 0304 gupdatem - ok
21:40:12.0515 0304 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:40:12.0515 0304 helpsvc - ok
21:40:12.0531 0304 HidServ (deb04da35cc871b6d309b77e1443c796) E:\WINDOWS\System32\hidserv.dll
21:40:12.0546 0304 HidServ - ok
21:40:12.0562 0304 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) E:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
21:40:12.0578 0304 HIDSwvd - ok
21:40:12.0593 0304 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
21:40:12.0734 0304 HidUsb - ok
21:40:12.0765 0304 hkmsvc (8878bd685e490239777bfe51320b88e9) E:\WINDOWS\System32\kmsvc.dll
21:40:12.0765 0304 hkmsvc - ok
21:40:12.0765 0304 hpn - ok
21:40:12.0812 0304 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) E:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:40:12.0812 0304 HPZid412 - ok
21:40:12.0875 0304 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:40:12.0875 0304 HPZipr12 - ok
21:40:12.0875 0304 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) E:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:40:12.0875 0304 HPZius12 - ok
21:40:12.0906 0304 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) E:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
21:40:12.0906 0304 HTCAND32 - ok
21:40:12.0953 0304 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
21:40:12.0953 0304 HTTP - ok
21:40:12.0968 0304 HTTPFilter (6100a808600f44d999cebdef8841c7a3) E:\WINDOWS\System32\w3ssl.dll
21:40:13.0000 0304 HTTPFilter - ok
21:40:13.0000 0304 i2omgmt - ok
21:40:13.0000 0304 i2omp - ok
21:40:13.0031 0304 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:40:13.0031 0304 i8042prt - ok
21:40:13.0093 0304 IDriverT (1cf03c69b49acb70c722df92755c0c8c) E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:40:13.0093 0304 IDriverT - ok
21:40:13.0234 0304 idsvc (c01ac32dc5c03076cfb852cb5da5229c) e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:40:13.0250 0304 idsvc - ok
21:40:13.0359 0304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
21:40:13.0359 0304 Imapi - ok
21:40:13.0421 0304 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) E:\WINDOWS\System32\imapi.exe
21:40:13.0421 0304 ImapiService - ok
21:40:13.0468 0304 incdrm (6f05034230ad665b8ad80214a3a9bc57) E:\WINDOWS\system32\drivers\incdrm.sys
21:40:13.0468 0304 incdrm - ok
21:40:13.0468 0304 ini910u - ok
21:40:13.0468 0304 IntelIde - ok
21:40:13.0531 0304 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys
21:40:13.0531 0304 intelppm - ok
21:40:13.0546 0304 ip6fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
21:40:13.0562 0304 ip6fw - ok
21:40:13.0578 0304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:40:13.0578 0304 IpFilterDriver - ok
21:40:13.0593 0304 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
21:40:13.0593 0304 IpInIp - ok
21:40:13.0625 0304 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
21:40:13.0625 0304 IpNat - ok
21:40:13.0640 0304 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
21:40:13.0640 0304 IPSec - ok
21:40:13.0671 0304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
21:40:13.0671 0304 IRENUM - ok
21:40:13.0703 0304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
21:40:13.0703 0304 isapnp - ok
21:40:13.0875 0304 JavaQuickStarterService (0a5709543986843d37a92290b7838340) E:\Program Files\Java\jre6\bin\jqs.exe
21:40:13.0875 0304 JavaQuickStarterService - ok
21:40:13.0906 0304 JRAID (c1632fe31d1824a43dea29725312e3fa) E:\WINDOWS\system32\DRIVERS\jraid.sys
21:40:13.0906 0304 JRAID - ok
21:40:13.0937 0304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:40:13.0937 0304 Kbdclass - ok
21:40:13.0937 0304 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:40:13.0937 0304 kbdhid - ok
21:40:13.0953 0304 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
21:40:13.0953 0304 kmixer - ok
21:40:14.0015 0304 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
21:40:14.0015 0304 KSecDD - ok
21:40:14.0046 0304 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
21:40:14.0046 0304 L8042Kbd - ok
21:40:14.0062 0304 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) E:\WINDOWS\System32\srvsvc.dll
21:40:14.0078 0304 lanmanserver - ok
21:40:14.0109 0304 lanmanworkstation (a8888a5327621856c0cec4e385f69309) E:\WINDOWS\System32\wkssvc.dll
21:40:14.0140 0304 lanmanworkstation - ok
21:40:14.0156 0304 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) E:\WINDOWS\system32\Drivers\LBeepKE.sys
21:40:14.0156 0304 LBeepKE - ok
21:40:14.0156 0304 lbrtfdc - ok
21:40:14.0203 0304 LBTServ (45b7d6bd6f59cba3fb6bf202223f4264) E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:40:14.0203 0304 LBTServ - ok
21:40:14.0234 0304 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) E:\WINDOWS\system32\DRIVERS\lgbtport.sys
21:40:14.0234 0304 LgBttPort - ok
21:40:14.0265 0304 lgbusenum (1d038ca6c529203087a990e5e97887b4) E:\WINDOWS\system32\DRIVERS\lgbtbus.sys
21:40:14.0265 0304 lgbusenum - ok
21:40:14.0296 0304 LGVMODEM (26f1976a330195d62a6224c76968cf0d) E:\WINDOWS\system32\DRIVERS\lgvmodem.sys
21:40:14.0296 0304 LGVMODEM - ok
21:40:14.0312 0304 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) E:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:40:14.0312 0304 LHidFilt - ok
21:40:14.0359 0304 LmHosts (a7db739ae99a796d91580147e919cc59) E:\WINDOWS\System32\lmhsvc.dll
21:40:14.0359 0304 LmHosts - ok
21:40:14.0359 0304 LMouFilt (ab33792a87285344f43b5ce23421bab0) E:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:40:14.0359 0304 LMouFilt - ok
21:40:14.0406 0304 LycoFltr (f90bde6e9c7b6015edf1dc99a97b00c9) E:\WINDOWS\system32\Drivers\Lycosa.sys
21:40:14.0406 0304 LycoFltr - ok
21:40:14.0453 0304 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) E:\WINDOWS\system32\drivers\mbamchameleon.sys
21:40:14.0453 0304 mbamchameleon - ok
21:40:14.0468 0304 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) E:\WINDOWS\system32\drivers\mbam.sys
21:40:14.0468 0304 MBAMProtector - ok
21:40:14.0562 0304 MBAMService (ba400ed640bca1eae5c727ae17c10207) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:40:14.0578 0304 MBAMService - ok
21:40:14.0593 0304 Messenger (986b1ff5814366d71e0ac5755c88f2d3) E:\WINDOWS\System32\msgsvc.dll
21:40:14.0609 0304 Messenger - ok
21:40:14.0718 0304 Micorsoft Windows Service - ok
21:40:14.0734 0304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
21:40:14.0734 0304 mnmdd - ok
21:40:14.0734 0304 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) E:\WINDOWS\System32\mnmsrvc.exe
21:40:14.0750 0304 mnmsrvc - ok
21:40:14.0796 0304 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
21:40:14.0796 0304 Modem - ok
21:40:14.0812 0304 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
21:40:14.0828 0304 Mouclass - ok
21:40:14.0828 0304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
21:40:14.0828 0304 mouhid - ok
21:40:14.0828 0304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
21:40:14.0828 0304 MountMgr - ok
21:40:14.0937 0304 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:40:14.0937 0304 MozillaMaintenance - ok
21:40:14.0937 0304 mraid35x - ok
21:40:14.0937 0304 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:40:14.0953 0304 MRxDAV - ok
21:40:15.0000 0304 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:40:15.0000 0304 MRxSmb - ok
21:40:15.0015 0304 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) E:\WINDOWS\System32\msdtc.exe
21:40:15.0031 0304 MSDTC - ok
21:40:15.0031 0304 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
21:40:15.0031 0304 Msfs - ok
21:40:15.0031 0304 MSIServer - ok
21:40:15.0046 0304 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
21:40:15.0046 0304 MSKSSRV - ok
21:40:15.0062 0304 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:40:15.0062 0304 MSPCLOCK - ok
21:40:15.0078 0304 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
21:40:15.0078 0304 MSPQM - ok
21:40:15.0078 0304 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:40:15.0078 0304 mssmbios - ok
21:40:15.0109 0304 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
21:40:15.0109 0304 Mup - ok
21:40:15.0140 0304 napagent (0102140028fad045756796e1c685d695) E:\WINDOWS\System32\qagentrt.dll
21:40:15.0140 0304 napagent - ok
21:40:15.0156 0304 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
21:40:15.0156 0304 NDIS - ok
21:40:15.0203 0304 NdisTapi (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:40:15.0203 0304 NdisTapi - ok
21:40:15.0203 0304 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:40:15.0203 0304 Ndisuio - ok
21:40:15.0218 0304 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:40:15.0218 0304 NdisWan - ok
21:40:15.0265 0304 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
21:40:15.0265 0304 NDProxy - ok
21:40:15.0281 0304 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
21:40:15.0281 0304 NetBIOS - ok
21:40:15.0296 0304 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
21:40:15.0296 0304 NetBT - ok
21:40:15.0343 0304 NetDDE (b857ba82860d7ff85ae29b095645563b) E:\WINDOWS\system32\netdde.exe
21:40:15.0343 0304 NetDDE - ok
21:40:15.0343 0304 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) E:\WINDOWS\system32\netdde.exe
21:40:15.0343 0304 NetDDEdsdm - ok
21:40:15.0375 0304 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\System32\lsass.exe
21:40:15.0375 0304 Netlogon - ok
21:40:15.0390 0304 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) E:\WINDOWS\System32\netman.dll
21:40:15.0406 0304 Netman - ok
21:40:15.0531 0304 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:40:15.0531 0304 NetTcpPortSharing - ok
21:40:15.0578 0304 Nla (943337d786a56729263071623bbb9de5) E:\WINDOWS\System32\mswsock.dll
21:40:15.0578 0304 Nla - ok
21:40:15.0609 0304 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
21:40:15.0609 0304 Npfs - ok
21:40:15.0656 0304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
21:40:15.0671 0304 Ntfs - ok
21:40:15.0671 0304 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\System32\lsass.exe
21:40:15.0671 0304 NtLmSsp - ok
21:40:15.0703 0304 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) E:\WINDOWS\system32\ntmssvc.dll
21:40:15.0718 0304 NtmsSvc - ok
21:40:15.0765 0304 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
21:40:15.0765 0304 Null - ok
21:40:16.0312 0304 nv (0dc79b60cedc3a8854c27b3c6e4b3414) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:40:16.0578 0304 nv - ok
21:40:16.0718 0304 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) E:\WINDOWS\system32\nvsvc32.exe
21:40:16.0718 0304 NVSvc - ok
21:40:16.0765 0304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:16.0765 0304 NwlnkFlt - ok
21:40:16.0765 0304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:16.0765 0304 NwlnkFwd - ok
21:40:16.0828 0304 ose (9d10f99a6712e28f8acd5641e3a7ea6b) E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:16.0828 0304 ose - ok
21:40:17.0062 0304 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:40:17.0125 0304 osppsvc - ok
21:40:17.0250 0304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys
21:40:17.0250 0304 Parport - ok
21:40:17.0265 0304 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
21:40:17.0281 0304 PartMgr - ok
21:40:17.0312 0304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
21:40:17.0312 0304 ParVdm - ok
21:40:17.0343 0304 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
21:40:17.0343 0304 PCI - ok
21:40:17.0343 0304 PCIDump - ok
21:40:17.0375 0304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:17.0375 0304 PCIIde - ok
21:40:17.0390 0304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
21:40:17.0406 0304 Pcmcia - ok
21:40:17.0406 0304 PDCOMP - ok
21:40:17.0406 0304 PDFRAME - ok
21:40:17.0406 0304 PDRELI - ok
21:40:17.0406 0304 PDRFRAME - ok
21:40:17.0421 0304 perc2 - ok
21:40:17.0421 0304 perc2hib - ok
21:40:17.0468 0304 PlugPlay (65df52f5b8b6e9bbd183505225c37315) E:\WINDOWS\system32\services.exe
21:40:17.0468 0304 PlugPlay - ok
21:40:17.0515 0304 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) E:\WINDOWS\system32\HPZipm12.exe
21:40:17.0515 0304 Pml Driver HPZ12 - ok
21:40:17.0546 0304 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\System32\lsass.exe
21:40:17.0546 0304 PolicyAgent - ok
21:40:17.0578 0304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:17.0578 0304 PptpMiniport - ok
21:40:17.0578 0304 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
21:40:17.0578 0304 Processor - ok
21:40:17.0640 0304 Profos - ok
21:40:17.0640 0304 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
21:40:17.0640 0304 ProtectedStorage - ok
21:40:17.0640 0304 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
21:40:17.0656 0304 PSched - ok
21:40:17.0656 0304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
21:40:17.0656 0304 Ptilink - ok
21:40:17.0687 0304 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
21:40:17.0703 0304 PxHelp20 - ok
21:40:17.0703 0304 ql1080 - ok
21:40:17.0703 0304 Ql10wnt - ok
21:40:17.0703 0304 ql12160 - ok
21:40:17.0703 0304 ql1240 - ok
21:40:17.0718 0304 ql1280 - ok
21:40:17.0750 0304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
21:40:17.0750 0304 RasAcd - ok
21:40:17.0781 0304 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) E:\WINDOWS\System32\rasauto.dll
21:40:17.0781 0304 RasAuto - ok
21:40:17.0812 0304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:40:17.0812 0304 Rasl2tp - ok
21:40:17.0859 0304 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) E:\WINDOWS\System32\rasmans.dll
21:40:17.0859 0304 RasMan - ok
21:40:17.0859 0304 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:40:17.0859 0304 RasPppoe - ok
21:40:17.0875 0304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
21:40:17.0875 0304 Raspti - ok
21:40:17.0890 0304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
21:40:17.0890 0304 Rdbss - ok
21:40:17.0890 0304 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:40:17.0890 0304 RDPCDD - ok
21:40:17.0937 0304 RDPWD (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys
21:40:17.0937 0304 RDPWD - ok
21:40:17.0953 0304 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) E:\WINDOWS\system32\sessmgr.exe
21:40:17.0953 0304 RDSessMgr - ok
21:40:17.0968 0304 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
21:40:17.0968 0304 redbook - ok
21:40:18.0000 0304 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) E:\WINDOWS\System32\mprdim.dll
21:40:18.0000 0304 RemoteAccess - ok
21:40:18.0046 0304 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) E:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:40:18.0046 0304 RFCOMM - ok
21:40:18.0046 0304 RpcLocator (aaed593f84afa419bbae8572af87cf6a) E:\WINDOWS\System32\locator.exe
21:40:18.0046 0304 RpcLocator - ok
21:40:18.0109 0304 RpcSs (6b27a5c03dfb94b4245739065431322c) E:\WINDOWS\system32\rpcss.dll
21:40:18.0109 0304 RpcSs - ok
21:40:18.0140 0304 RSVP (471b3f9741d762abe75e9deea4787e47) E:\WINDOWS\System32\rsvp.exe
21:40:18.0156 0304 RSVP - ok
21:40:18.0187 0304 RTLE8023xp (badabe0940c01619e8510b90fb314929) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:40:18.0187 0304 RTLE8023xp - ok
21:40:18.0187 0304 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
21:40:18.0203 0304 SamSs - ok
21:40:18.0312 0304 SASDIFSV (39763504067962108505bff25f024345) E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:40:18.0312 0304 SASDIFSV - ok
21:40:18.0312 0304 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:40:18.0312 0304 SASKUTIL - ok
21:40:18.0328 0304 SCardSvr (86d007e7a654b9a71d1d7d856b104353) E:\WINDOWS\System32\SCardSvr.exe
21:40:18.0328 0304 SCardSvr - ok
21:40:18.0359 0304 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) E:\WINDOWS\system32\schedsvc.dll
21:40:18.0375 0304 Schedule - ok
21:40:18.0406 0304 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
21:40:18.0421 0304 Secdrv - ok
21:40:18.0437 0304 seclogon (cbe612e2bb6a10e3563336191eda1250) E:\WINDOWS\System32\seclogon.dll
21:40:18.0453 0304 seclogon - ok
21:40:18.0453 0304 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) E:\WINDOWS\system32\sens.dll
21:40:18.0453 0304 SENS - ok
21:40:18.0500 0304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\drivers\Serial.sys
21:40:18.0500 0304 Serial - ok
21:40:18.0578 0304 ServiceLayer (56eb980da71b94b79a341615c3c256cf) E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:40:18.0578 0304 ServiceLayer - ok
21:40:18.0640 0304 sfdrv01 (4c0d673281178cb496011a2e28571fc8) E:\WINDOWS\system32\drivers\sfdrv01.sys
21:40:18.0640 0304 sfdrv01 - ok
21:40:18.0640 0304 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) E:\WINDOWS\system32\drivers\sfhlp02.sys
21:40:18.0640 0304 sfhlp02 - ok
21:40:18.0687 0304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
21:40:18.0687 0304 Sfloppy - ok
21:40:18.0687 0304 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) E:\WINDOWS\system32\drivers\sfsync02.sys
21:40:18.0703 0304 sfsync02 - ok
21:40:18.0718 0304 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) E:\WINDOWS\System32\ipnathlp.dll
21:40:18.0718 0304 SharedAccess - ok
21:40:18.0765 0304 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
21:40:18.0765 0304 ShellHWDetection - ok
21:40:18.0765 0304 Simbad - ok
21:40:18.0765 0304 Sparrow - ok
21:40:18.0796 0304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
21:40:18.0796 0304 splitter - ok
21:40:18.0843 0304 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe
21:40:18.0843 0304 Spooler - ok
21:40:18.0921 0304 sptd (71e276f6d189413266ea22171806597b) E:\WINDOWS\System32\Drivers\sptd.sys
21:40:18.0921 0304 sptd - ok
21:40:18.0937 0304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
21:40:18.0937 0304 sr - ok
21:40:18.0968 0304 srservice (3805df0ac4296a34ba4bf93b346cc378) E:\WINDOWS\System32\srsvc.dll
21:40:18.0968 0304 srservice - ok
21:40:19.0000 0304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
21:40:19.0000 0304 Srv - ok
21:40:19.0031 0304 SSDPSRV (0a5679b3714edab99e357057ee88fca6) E:\WINDOWS\System32\ssdpsrv.dll
21:40:19.0031 0304 SSDPSRV - ok
21:40:19.0078 0304 StillCam (a9573045baa16eab9b1085205b82f1ed) E:\WINDOWS\system32\DRIVERS\serscan.sys
21:40:19.0078 0304 StillCam - ok
21:40:19.0140 0304 stisvc (8bad69cbac032d4bbacfce0306174c30) E:\WINDOWS\system32\wiaservc.dll
21:40:19.0156 0304 stisvc - ok
21:40:19.0187 0304 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
21:40:19.0187 0304 swenum - ok
21:40:19.0218 0304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
21:40:19.0218 0304 swmidi - ok
21:40:19.0218 0304 SwPrv - ok
21:40:19.0234 0304 symc810 - ok
21:40:19.0234 0304 symc8xx - ok
21:40:19.0234 0304 sym_hi - ok
21:40:19.0234 0304 sym_u3 - ok
21:40:19.0265 0304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
21:40:19.0265 0304 sysaudio - ok
21:40:19.0296 0304 SysmonLog (c7abbc59b43274b1109df6b24d617051) E:\WINDOWS\system32\smlogsvc.exe
21:40:19.0312 0304 SysmonLog - ok
21:40:19.0328 0304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) E:\WINDOWS\System32\tapisrv.dll
21:40:19.0328 0304 TapiSrv - ok
21:40:19.0390 0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
21:40:19.0406 0304 Tcpip - ok
21:40:19.0437 0304 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
21:40:19.0437 0304 TDPIPE - ok
21:40:19.0453 0304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
21:40:19.0453 0304 TDTCP - ok
21:40:19.0484 0304 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
21:40:19.0484 0304 TermDD - ok
21:40:19.0500 0304 TermService (ff3477c03be7201c294c35f684b3479f) E:\WINDOWS\System32\termsrv.dll
21:40:19.0515 0304 TermService - ok
21:40:19.0562 0304 Themes (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
21:40:19.0562 0304 Themes - ok
21:40:19.0562 0304 TosIde - ok
21:40:19.0578 0304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) E:\WINDOWS\system32\trkwks.dll
21:40:19.0578 0304 TrkWks - ok
21:40:19.0609 0304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
21:40:19.0609 0304 Udfs - ok
21:40:19.0609 0304 ultra - ok
21:40:19.0656 0304 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
21:40:19.0656 0304 Update - ok
21:40:19.0687 0304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) E:\WINDOWS\System32\upnphost.dll
21:40:19.0703 0304 upnphost - ok
21:40:19.0703 0304 UPS (05365fb38fca1e98f7a566aaaf5d1815) E:\WINDOWS\System32\ups.exe
21:40:19.0703 0304 UPS - ok
21:40:19.0750 0304 usbbus (9419faac6552a51542dbba02971c841c) E:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:40:19.0765 0304 usbbus - ok
21:40:19.0765 0304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:40:19.0765 0304 usbccgp - ok
21:40:19.0796 0304 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) E:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
21:40:19.0812 0304 UsbDiag - ok
21:40:19.0828 0304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
21:40:19.0828 0304 usbehci - ok
21:40:19.0843 0304 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
21:40:19.0843 0304 usbhub - ok
21:40:19.0875 0304 USBModem (f74a54774a9b0afeb3c40adec68aa600) E:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:40:19.0875 0304 USBModem - ok
21:40:19.0890 0304 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
21:40:19.0890 0304 usbprint - ok
21:40:19.0906 0304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
21:40:19.0906 0304 usbscan - ok
21:40:19.0937 0304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:40:19.0937 0304 USBSTOR - ok
21:40:19.0953 0304 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:40:19.0953 0304 usbuhci - ok
21:40:19.0968 0304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
21:40:19.0968 0304 VgaSave - ok
21:40:19.0968 0304 ViaIde - ok
21:40:19.0968 0304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
21:40:19.0968 0304 VolSnap - ok
21:40:19.0984 0304 VSS (7a9db3a67c333bf0bd42e42b8596854b) E:\WINDOWS\System32\vssvc.exe
21:40:20.0000 0304 VSS - ok
21:40:20.0015 0304 W32Time (54af4b1d5459500ef0937f6d33b1914f) E:\WINDOWS\System32\w32time.dll
21:40:20.0015 0304 W32Time - ok
21:40:20.0031 0304 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
21:40:20.0031 0304 Wanarp - ok
21:40:20.0093 0304 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:40:20.0093 0304 Wdf01000 - ok
21:40:20.0093 0304 WDICA - ok
21:40:20.0125 0304 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
21:40:20.0125 0304 wdmaud - ok
21:40:20.0140 0304 WebClient (77a354e28153ad2d5e120a5a8687bc06) E:\WINDOWS\System32\webclnt.dll
21:40:20.0156 0304 WebClient - ok
21:40:20.0250 0304 winmgmt (2d0e4ed081963804ccc196a0929275b5) E:\WINDOWS\system32\wbem\WMIsvc.dll
21:40:20.0250 0304 winmgmt - ok
21:40:20.0296 0304 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) E:\WINDOWS\system32\mspmsnsv.dll
21:40:20.0312 0304 WmdmPmSN - ok
21:40:20.0312 0304 WmiApSrv (e0673f1106e62a68d2257e376079f821) E:\WINDOWS\System32\wbem\wmiapsrv.exe
21:40:20.0328 0304 WmiApSrv - ok
21:40:20.0453 0304 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) E:\Program Files\Windows Media Player\WMPNetwk.exe
21:40:20.0468 0304 WMPNetworkSvc - ok
21:40:20.0578 0304 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:40:20.0578 0304 WpdUsb - ok
21:40:20.0609 0304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys
21:40:20.0609 0304 WS2IFSL - ok
21:40:20.0656 0304 wscsvc (7c278e6408d1dce642230c0585a854d5) E:\WINDOWS\system32\wscsvc.dll
21:40:20.0687 0304 wscsvc - ok
21:40:20.0718 0304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) E:\WINDOWS\system32\wuauserv.dll
21:40:20.0781 0304 wuauserv - ok
21:40:20.0828 0304 WudfPf (50eb9e21963b4f06fd010d007d54351b) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:40:20.0828 0304 WudfPf - ok
21:40:20.0843 0304 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:40:20.0859 0304 WudfRd - ok
21:40:20.0875 0304 WudfSvc (ae93084d2d236887ba56467ae42b4955) E:\WINDOWS\System32\WUDFSvc.dll
21:40:20.0890 0304 WudfSvc - ok
21:40:20.0953 0304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) E:\WINDOWS\System32\wzcsvc.dll
21:40:20.0968 0304 WZCSVC - ok
21:40:21.0000 0304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) E:\WINDOWS\System32\xmlprov.dll
21:40:21.0015 0304 xmlprov - ok
21:40:21.0046 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:40:21.0296 0304 \Device\Harddisk0\DR0 - ok
21:40:21.0328 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:40:21.0515 0304 \Device\Harddisk1\DR1 - ok
21:40:21.0515 0304 Boot (0x1200) (db088624d7744c239661d26b0b7bd1a0) \Device\Harddisk0\DR0\Partition0
21:40:21.0515 0304 \Device\Harddisk0\DR0\Partition0 - ok
21:40:21.0546 0304 Boot (0x1200) (c47bc51460f849d0a47b2cf5167cd838) \Device\Harddisk0\DR0\Partition1
21:40:21.0546 0304 \Device\Harddisk0\DR0\Partition1 - ok
21:40:21.0546 0304 Boot (0x1200) (fd7cb3a9a0e870c688b13e11b679d944) \Device\Harddisk1\DR1\Partition0
21:40:21.0546 0304 \Device\Harddisk1\DR1\Partition0 - ok
21:40:21.0546 0304 ============================================================
21:40:21.0546 0304 Scan finished
21:40:21.0546 0304 ============================================================
21:40:21.0546 2948 Detected object count: 0
21:40:21.0546 2948 Actual detected object count: 0


Also fastscan has started running on my computer (I did not start this I think it's part of Trojan Remover?) and says E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe athe registry winlogon "userinit" entry loads this file, a file with this name has not been found.


Results from VirusTotal....

https://www.virustotal.com/file/d19842ca443aa540ba0a96f0f5eadf559c19061f682bb9b44cbe0aa499ff48eb/analysis/1340570929/

In answer to your question, yes it gave files and paths :)

I did not have any problems following your instruction.

Regards
Karl

maxi
2012-06-25, 19:28
Hi Baydon :)

If you could note down the files and paths that Avast detected it would be great.


Step 1
Please Uninstall Trojan Remover from your computer as it may be hampering our progress.


Step 2
SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
*ywvlwqew.exe*

:folderfind
*qqeymqug*

:regfind
YwvLwqew
qqeymqug
userinit



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt



Step 3
Please Rerun AswMBR again like I asked you in post number 5.

Step 4
I see you have Malwarebytes installed, Please open the program, check for any updates and run a Quick scan.

In your next reply please include:
The Systemlook logfile.
The aswMBR logfile.
The Malwarebytes log.
The files and paths that Avast found.

Regards maxi :)

Baydon
2012-06-26, 10:15
Hi,

I will have to post back tomorrow now as I'm working a long day today. thanks again

Karl

maxi
2012-06-26, 13:41
No problem, Thanks for letting me know :)

Baydon
2012-06-27, 13:24
SystemLook 30.07.11 by jpshortstuff
Log created at 10:04 on 27/06/2012 by karl
Administrator - Elevation successful

========== filefind ==========

Searching for "*ywvlwqew.exe*"
E:\Documents and Settings\All Users\Application Data\Bitdefender\Avc\Feedback\01CD444C4D54CCBE_2878_002124_ywvlwqew.exe.det --a---- 6670 bytes [01:25 07/06/2012] [01:25 07/06/2012] A28E87B7B83CCFDA6848BE4E7CF74B65
E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe.vir --a---- 84888 bytes [22:36 08/06/2012] [22:56 17/05/2012] D222E319790B3576BA11B2DD5CBCAF84

========== folderfind ==========

Searching for "*qqeymqug*"
E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug d------ [22:56 17/05/2012]

========== regfind ==========

Searching for "YwvLwqew"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="e:\windows\system32\userinit.exe,,E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe"

Searching for "qqeymqug"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="e:\windows\system32\userinit.exe,,E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe"

Searching for "userinit"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo]
"UserInitials"="k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="e:\windows\system32\userinit.exe,,E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\userinit.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSTO 4.0 VSSetup VSS VBRuntime Userinit Userenv UploadM Turbine Network Service Turbine Message Service System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Office Software Protection Platform Service Oakley nview NVIDIA OpenGL Driver ntbackup NeroCheck NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656370-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Userinit]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Userinit]
"EventMessageFile"="%SystemRoot%\System32\userinit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Nls\MUILanguages\RCV2\userinit.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSTO 4.0 VSSetup VSS VBRuntime Userinit Userenv UploadM Turbine Network Service Turbine Message Service System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Office Software Protection Platform Service Oakley nview NVIDIA OpenGL Driver ntbackup NeroCheck NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656370-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Eventlog\Application\Userinit]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Eventlog\Application\Userinit]
"EventMessageFile"="%SystemRoot%\System32\userinit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Control\Nls\MUILanguages\RCV2\userinit.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSTO 4.0 VSSetup VSS VBRuntime Userinit Userenv UploadM Turbine Network Service Turbine Message Service System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Office Software Protection Platform Service Oakley nview NVIDIA OpenGL Driver ntbackup NeroCheck NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656370-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Eventlog\Application\Userinit]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Eventlog\Application\Userinit]
"EventMessageFile"="%SystemRoot%\System32\userinit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\userinit.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSTO 4.0 VSSetup VSS VBRuntime Userinit Userenv UploadM Turbine Network Service Turbine Message Service System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Office Software Protection Platform Service Oakley nview NVIDIA OpenGL Driver ntbackup NeroCheck NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656370-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSD
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit]
"EventMessageFile"="%SystemRoot%\System32\userinit.exe"
[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Office\Common\UserInfo]
"UserInitials"="k"

-= EOF =-

Baydon
2012-06-27, 13:27
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 10:48:53
-----------------------------
10:48:53.360 OS Version: Windows 5.1.2600 Service Pack 3
10:48:53.360 Number of processors: 2 586 0xF0B
10:48:53.360 ComputerName: CATACOMB UserName: karl
10:48:54.220 Initialize success
10:48:54.298 AVAST engine defs: 12062700
10:49:38.345 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:49:38.345 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476938MB BusType: 3
10:49:38.345 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:49:38.345 Disk 1 Vendor: WDC_WD2000JD-00HBB0 08.02D08 Size: 190782MB BusType: 3
10:49:38.360 Disk 1 MBR read successfully
10:49:38.360 Disk 1 MBR scan
10:49:38.470 Disk 1 Windows XP default MBR code
10:49:38.470 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190740 MB offset 63
10:49:38.470 Disk 1 scanning sectors +390636540
10:49:38.563 Disk 1 scanning E:\WINDOWS\system32\drivers
10:49:45.204 Service scanning
10:49:54.923 Modules scanning
10:50:12.704 Disk 1 trace - called modules:
10:50:12.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
10:50:12.704 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a99cab8]
10:50:12.704 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a9abf18]
10:50:12.704 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a9b8d98]
10:50:12.704 \Driver\atapi[0x8a9de738] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb80c98b4]
10:50:13.501 AVAST engine scan E:\WINDOWS
10:50:31.454 AVAST engine scan E:\WINDOWS\system32
10:52:40.407 AVAST engine scan E:\WINDOWS\system32\drivers
10:52:56.282 AVAST engine scan E:\Documents and Settings\karl
10:56:32.798 File: E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe.vir **INFECTED** Win32:Malware-gen
10:56:36.329 File: E:\Documents and Settings\karl\Local Settings\Temp\qctgysgdmdcexanm.exe **INFECTED** Win32:Malware-gen
11:05:39.235 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\karl\Desktop\MBR.dat"
11:05:39.251 The log file has been saved successfully to "E:\Documents and Settings\karl\Desktop\aswMBR.txt"


And I cant seem to open the MBR.dat..... so I cant post it here.

Baydon
2012-06-27, 15:45
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
karl :: CATACOMB [administrator]

Protection: Enabled

27/06/2012 12:01:01
mbam-log-2012-06-27 (13-44-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217385
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Baydon
2012-06-27, 15:46
I will have to post later about paths for avast as of to work now

Kind regards
Karl

maxi
2012-06-28, 18:41
Hi Baydon,

I'm sorry to say I have bad news for you. You have been infected with a file infector which are virtually impossible to clear up. You can read more about it below.


Ramnit warning

I'm afraid I have very bad news for you, unfortunately One or more of the identified infections is Win32/Ramnit.A (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FRamnit.A)

This infection has really become quit nasty and dangerous.
The problem is that the damage caused by this infection really makes a PC unreliable and untrustworthy. PE file infectors like Ramnit can infect all executable files (DLL, EXE, SCR....and many more also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors, could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.
In many cases the infected files (which could number in the thousands) cannot be disinfected properly by scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irrepairable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are a major source of system infection.

Because Ramnit is also a Trojan Backdoor you are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

There is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired.
In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to Reformat your computer and Reinstall windows..

Further reading:

What are Remote Access Trojans and why are they dangerous (http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)
Where to backup your files (http://www.microsoft.com/athome/security/update/wherebackup.mspx)
How to backup your files in Windows XP (http://www.microsoft.com/athome/security/update/howbackup.mspx)
Restoring your backups (http://support.microsoft.com/kb/309340)

Should you have any questions please feel free to ask.

Baydon
2012-06-29, 02:37
Hi Maxi,

Cant say your dianosis pleases me but massive thanks for all your help.

I'm a bit concerned about backing up my data before a reinstall, wont the virus be backed up too?

Karl

maxi
2012-06-29, 20:27
Hi Baydon, Sorry again for the bad news.

Backing up data should be fine, but not programs, executables, or Windows files.

I would advise you to back up the data to a external hard drive, then when you have reinstalled windows and installed an Anti-virus and maybe Malwarebytes, scan the external drive. If it is clear you should be good to go.

If you have any more questions feel free to ask.

Regards maxi

Baydon
2012-07-01, 01:05
I think I'll buy a new drive and turn my old 2 into slaves for storage, is that possible?

Regards Karl

maxi
2012-07-01, 14:22
Hi Karl,

Yes its possible but the drive that is infected needs to be formatted no matter if you use it as a slave or not. If you don't format the drive it will infect anything you connect it to(ie: your new drive.)

Regards maxi :red:

Jack&Jill
2012-07-04, 18:36
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)