Thread: Google redirect problems.

  1. #1
    Member
    Join Date
    Oct 2010
    Posts
    34

    Google redirect problems.

    It doesn't happen all the time but sometimes when I click on a Google link I get redirected to a random website. Here is a DDS log:

    Thanks in advance.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
    Run by Marcus at 16:18:36 on 2011-12-01
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.768 [GMT 0:00]
    .
    AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
    C:\Program Files\Registry Mechanic\RMTray.exe
    C:\Program Files\ManyCam 2.4\ManyCam.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\vssvc.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: PlayBox Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SC034.tmp" /EF "HKCU"
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
    uRun: [IHateThisKey] c:\program files\bytegems.com\i hate this key\IHateThisKey.exe
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
    uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
    uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [msnetCmds] rundll32.exe "c:\users\marcus\appdata\local\rashelpui\msnetCmds.dll",smpMainInterval UtilWebdb
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [CCUTRAYICON] FactoryMode
    mRun: [GSISETUP] E:\setup.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
    mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [CleanUp] c:\progra~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\marcus\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E} : DhcpNameServer = 208.67.220.220,208.67.222.222
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\mozilla firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {1C530A94-FB03-4325-9678-3898A46EC5CF} - c:\users\marcus\appdata\local\{1C530A94-FB03-4325-9678-3898A46EC5CF}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-18 28552]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-31 207280]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-31 112592]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-26 2218600]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-1 17920]
    S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2001-11-27 10880]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-20 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-27 27192]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-31 358600]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-31 1141200]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-10-16 17:34:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 16:24:00.06 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Oct 2010
    Posts
    34

    Hello. First the aswMBR scan:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-03 19:43:32
    -----------------------------
    19:43:32.242 OS Version: Windows 6.0.6001 Service Pack 1
    19:43:32.242 Number of processors: 2 586 0xF0B
    19:43:32.242 ComputerName: MARCUS-PC UserName: Marcus
    19:43:33.724 Initialize success
    19:43:45.163 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:43:45.163 Disk 0 Vendor: ST3320820AS 3.AHG Size: 305245MB BusType: 3
    19:43:47.206 Disk 0 MBR read successfully
    19:43:47.222 Disk 0 MBR scan
    19:43:47.222 Disk 0 unknown MBR code
    19:43:47.222 Disk 0 scanning sectors +625137345
    19:43:47.362 Disk 0 scanning C:\Windows\system32\drivers
    19:43:59.608 Service scanning
    19:44:03.087 Modules scanning
    19:45:04.442 Disk 0 trace - called modules:
    19:45:04.567 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys
    19:45:04.567 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bac478]
    19:45:04.567 3 CLASSPNP.SYS[8cf9d745] -> nt!IofCallDriver -> [0x89bacce0]
    19:45:04.567 5 PCTCore.sys[807c588f] -> nt!IofCallDriver -> [0x89a0c918]
    19:45:05.081 7 acpi.sys[8c8cf6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x899faba0]
    19:45:05.081 Scan finished successfully
    19:46:37.341 Disk 0 MBR has been saved successfully to "C:\Users\Marcus\Desktop\MBR.dat"
    19:46:37.341 The log file has been saved successfully to "C:\Users\Marcus\Desktop\aswMBR.txt"

    Now the OTL.txt:

    OTL logfile created on: 03/12/2011 19:48:49 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.59% Memory free
    4.23 Gb Paging File | 2.66 Gb Available in Paging File | 62.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.20 Gb Total Space | 61.94 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
    Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

    Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
    PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Marcus\AppData\Local\rasHelpUI\msnetCmds.dll ()
    MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
    MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
    MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
    MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
    MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
    MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
    MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
    SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
    SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
    SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
    SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
    SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
    DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
    DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
    DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
    FF - prefs.js..extensions.enabledItems: {1C530A94-FB03-4325-9678-3898A46EC5CF}:1.9.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/17 23:20:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Marcus\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF} [2010/05/25 14:28:46 | 000,000,000 | ---D | M]

    [2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
    [2011/12/02 22:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
    [2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/08 20:54:26 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2010/03/23 22:51:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/26 13:18:48 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2010/12/26 13:18:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\engine@conduit.com
    [2010/04/17 18:40:13 | 000,002,427 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\askcom.xml
    [2010/12/30 17:20:12 | 000,000,915 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\conduit.xml
    [2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\live-search.xml
    [2011/03/17 16:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
    [2011/04/16 21:35:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/05/25 14:28:46 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MARCUS\APPDATA\LOCAL\{1C530A94-FB03-4325-9678-3898A46EC5CF}
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
    [2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2010/05/31 16:32:57 | 000,396,959 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 13703 more lines...
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
    O4 - HKLM..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup File not found
    O4 - HKLM..\Run: [GSISETUP] E:\setup.exe File not found
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [msnetCmds] C:\Users\Marcus\AppData\Local\rasHelpUI\msnetCmds.dll ()
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1001..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1589503311-819724082-689753091-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKU\S-1-5-21-1589503311-819724082-689753091-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english...an_unicode.cab (CKAVWebScan Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{80f9a15f-6ce6-11e0-9680-806e6f6e6963}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd
    O33 - MountPoints2\{80f9a15f-6ce6-11e0-9680-806e6f6e6963}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1589503311-819724082-689753091-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/01 16:18:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marcus\Documents\dds.scr
    [2011/11/21 17:48:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Reason Guitars
    [2011/11/06 00:01:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Random
    [2011/11/06 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Horse Bukkake
    [2011/11/05 22:42:03 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\CD
    [2009/02/07 09:31:07 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Marcus\AppData\Roaming\REX Shared Library.dll
    [2008/05/12 19:16:10 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Marcus\AppData\Roaming\Rewire.dll
    [7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/03 19:48:01 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/03 19:48:00 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/03 19:46:37 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
    [2011/12/03 19:41:34 | 000,001,332 | ---- | M] () -- C:\Users\Marcus\Desktop\Clean Registry for Free!.lnk
    [2011/12/03 19:41:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/03 19:41:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/03 19:40:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/03 19:40:44 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/03 01:10:06 | 001,021,996 | ---- | M] () -- C:\Users\Marcus\Desktop\Abbot.wav
    [2011/12/01 16:29:59 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Google redirect problems. - Safer-Networking Forums.url
    [2011/12/01 16:18:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marcus\Documents\dds.scr
    [2011/11/26 14:37:04 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
    [2011/11/17 19:30:22 | 000,336,134 | ---- | M] () -- C:\Users\Marcus\Desktop\Anton_Shekhovtsov-Apoliteic_Music.pdf
    [2011/11/10 11:31:07 | 000,000,213 | ---- | M] () -- C:\Users\Marcus\Desktop\Steel butterfly knife Black for sale.url
    [7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/03 19:46:37 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
    [2011/12/03 01:10:06 | 001,021,996 | ---- | C] () -- C:\Users\Marcus\Desktop\Abbot.wav
    [2011/12/01 16:29:58 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Google redirect problems. - Safer-Networking Forums.url
    [2011/11/21 20:55:16 | 000,002,249 | ---- | C] () -- C:\Users\Marcus\Desktop\Melas.mid
    [2011/11/17 19:30:15 | 000,336,134 | ---- | C] () -- C:\Users\Marcus\Desktop\Anton_Shekhovtsov-Apoliteic_Music.pdf
    [2011/11/10 11:31:07 | 000,000,213 | ---- | C] () -- C:\Users\Marcus\Desktop\Steel butterfly knife Black for sale.url
    [2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
    [2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
    [2010/05/31 16:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/05/31 16:07:50 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
    [2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
    [2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
    [2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
    [2010/03/26 17:56:17 | 000,696,832 | ---- | C] () -- C:\Windows\is-6C4JA.exe
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
    [2010/02/28 18:23:49 | 000,005,612 | ---- | C] () -- C:\Windows\unpsd.ini
    [2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
    [2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/10/05 14:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
    [2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/27 08:17:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/08/27 08:17:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/11 18:48:30 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\2C830C097D.dll
    [2008/06/08 15:01:48 | 000,016,925 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2008/05/15 17:17:38 | 000,000,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/05/13 18:27:09 | 000,000,586 | -HS- | C] () -- C:\Windows\System32\edgtdhiy.ini
    [2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
    [2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
    [2008/02/14 19:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2007/12/14 19:42:21 | 000,002,962 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2007/12/01 00:51:26 | 000,000,316 | ---- | C] () -- C:\Windows\Sampler.INI
    [2007/12/01 00:51:26 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
    [2007/12/01 00:51:25 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI
    [2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2007/10/15 21:43:56 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
    [2007/09/27 20:14:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2007/09/27 20:14:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2007/09/27 20:14:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2007/09/27 20:14:38 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2007/09/27 20:14:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2007/09/27 20:14:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2007/09/27 20:14:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2007/09/27 20:14:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2007/09/27 20:14:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2007/09/27 20:14:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2007/09/27 20:14:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2007/09/27 20:14:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2007/09/27 20:14:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2007/09/27 20:14:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2007/09/27 20:14:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2007/09/27 20:07:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
    [2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
    [2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
    [2007/09/06 19:05:09 | 000,000,245 | ---- | C] () -- C:\Windows\musicmaker.INI
    [2007/09/06 19:01:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007/09/06 19:01:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
    [2007/09/06 18:59:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
    [2007/09/06 18:59:55 | 000,000,999 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2007/08/27 12:22:59 | 000,050,176 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/26 22:06:31 | 000,000,496 | ---- | C] () -- C:\Windows\eReg.dat
    [2007/08/24 22:00:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2007/08/24 22:00:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2007/08/24 22:00:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2007/08/24 20:40:30 | 000,160,951 | ---- | C] () -- C:\Windows\System32\drivers\gtipdsp_.bin
    [2007/06/27 22:35:35 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/06/27 22:20:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2007/06/27 22:17:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
    [2007/06/27 22:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
    [2007/03/06 08:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007/01/12 14:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2007/01/12 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:47:37 | 000,436,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/06/23 17:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2004/03/02 06:37:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2004/03/02 06:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2004/01/22 18:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [1998/09/15 08:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll
    [1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2008/07/11 18:51:24 | 000,000,000 | -HSD | M] -- C:\Users\Marcus\AppData\Roaming\.#
    [2008/07/13 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ableton
    [2007/10/16 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\acccore
    [2011/07/10 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Antares
    [2011/11/28 01:23:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
    [2008/03/13 08:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent DNA
    [2010/12/27 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CheeseSoft
    [2011/04/22 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools
    [2009/01/27 13:11:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DNA
    [2007/12/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Grisoft
    [2010/04/17 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ImgBurn
    [2010/05/03 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ManyCam
    [2011/02/08 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Swift Sound
    [2011/01/26 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Neuratron
    [2008/05/13 09:42:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Propellerhead Software
    [2007/11/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RhythmRascal
    [2009/10/18 16:41:22 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sammsoft
    [2008/09/14 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SecondLife
    [2011/11/28 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
    [2010/03/17 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Steinberg
    [2011/11/12 12:56:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Synthesia
    [2011/05/26 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
    [2009/04/07 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
    [2008/03/04 11:41:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinBatch
    [2011/12/03 01:21:28 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
    [2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >

  4. #4
    Member
    Join Date
    Oct 2010
    Posts
    34

    Finally the Extras.txt

    OTL Extras logfile created on: 03/12/2011 19:48:49 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.59% Memory free
    4.23 Gb Paging File | 2.66 Gb Available in Paging File | 62.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.20 Gb Total Space | 61.94 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
    Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

    Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = comfile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05069BA8-21F2-4046-A265-7BBCE5478E8D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{35928ED6-70F0-4AC8-AE0C-C9E203A80A44}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3A849754-F16C-40F3-8470-16AD8B945CEA}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{FFF4809C-B639-4195-B5B3-F0A6905DFB87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C1CBFEB-DC97-4F4D-BDD3-30BC3011EF26}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
    "{0C98C405-57B8-42FD-BA16-594424791633}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{0D026CCE-573D-4A24-97CE-76BAED5E2C59}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{0F71CF66-3092-442F-8922-2737DEC8F944}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{11243E18-99A4-456E-950E-214DF94D1535}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{15C3476E-6B8E-4F0B-BD7A-78B3BCD960EF}" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
    "{172CEEDF-F2C8-40E7-B043-DF02246037AB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{1779051B-25A3-445D-AEDA-86F5C4C72FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{1CA0895C-9175-44FD-8D4C-46E007CF039A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{30A3112A-4AF0-4BD2-8185-97813BB927D8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{3110A17E-6433-494D-9356-7EFD25D83684}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{3A589965-23E1-4559-BFDF-539F884F8A92}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
    "{3C438585-3BFC-4C80-9C15-EE93B03262A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
    "{3E957A28-299A-4C25-A959-CDB84A556519}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{4002B1E2-4711-4970-8427-9D14466A1793}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{40FBBB9E-8A76-4C25-906A-00776CE25AE5}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
    "{437E17A8-3B30-4F84-A3B3-4BCB0DFBA716}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{43FFA852-98A3-4046-B690-6F1499AE82D7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{45079EF0-BE68-478A-919B-5FC243444A29}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{46354080-058F-4E0E-AC93-FE1B6DAE3403}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{46EDF16A-237E-40E8-BF76-9E93688287BA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{4759C8D4-4123-4D0E-A1C9-542C63AB4CE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{4891ACF5-09F4-4097-BC61-16713725CD98}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{54F0DF5C-1A04-496A-8971-297050B7888D}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
    "{565A471C-99F2-4C82-ABF9-822B286C2A7E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{57CE008C-D5DB-4257-91EE-24FB9BFBC47E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{656DB2CA-AE85-4CD0-8F4C-9F7AC38A0B8F}" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
    "{6606C470-4FE7-4332-9064-67815CA2F6A8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
    "{67233814-FE52-4C79-8431-D0E19D6A5CEE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{72E40133-A1BD-4451-AC16-35548EF5404F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{7306407D-F11B-4831-A599-7A159C9F2CA9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{73BFE3DC-DD5A-439D-B12F-B928D48FC20A}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
    "{7CBD3D1A-22FD-43C8-9A4A-FCC3B362DD0A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{7CD62407-4AFF-4769-942E-8FC0575DFFED}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{7F3BB18E-EAD1-44BB-BDB0-ED81B98F17EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{81F65645-11E0-4B10-9AF7-FAB5708D73C0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{83752797-490C-41BA-BC0E-D2236A55FEAA}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{8675C652-A5E3-4A7E-ABA7-EBE956394F05}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{912DDB1B-3D56-446C-962A-700BB66C3946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{9687EA38-A746-4636-9BB9-A28D117F2FFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{977090B5-257A-45EE-B92F-F3128CF4E438}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{985DF217-F2E0-44CF-B3E9-E4DDC5EAF8F8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
    "{98C9FEDB-2BDD-4715-A36C-58973DFC2945}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{A62D4CC0-CC1B-4ED8-8394-5EAACCAE38A3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{A91198A0-645A-418D-BDD9-41C290024F91}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
    "{ABDF3BF1-EC98-42BF-832D-C5D712442A63}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AD8BEC36-6AC1-4573-AC76-D405F831FA84}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{AFA8D931-9E0A-450C-9CDE-BC7A6A0F1CF0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{B0EB7DB8-069C-4C50-92E5-42575A9C2095}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{B1A23E38-1F7D-4256-934B-25F5E51649F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{B336444F-55A9-49DB-A7F4-E0FE2C16BEC4}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
    "{B662FE93-68B7-48A3-BE60-FC64D0DC1EFB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{B70FE6A8-17BE-4AA9-A355-9323113A6F5E}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
    "{BB381FD6-2C58-40B7-A80A-5F3BED6DA8F1}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
    "{BDBFC4E3-4947-473E-B6B7-A82EA899B4FA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{BEF93859-0EE7-4D0E-ACD2-A54582779F7D}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{C3057C9E-CE04-40C7-8F93-35E924F7E33C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{C673261E-E0D9-40F3-A1BE-EC4B6FA88666}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{C88E5345-4A46-4D38-BFE8-F1AF427DBFDB}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
    "{D208D1B9-9521-48B0-9236-45B3D45F3C41}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
    "{D7748B91-C402-4BDA-9A14-21F53099CA8A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{DD2EB50A-8511-4A7A-A7FC-D8DECF0300C7}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
    "{E0E646DA-1BCF-4219-8208-E486E8F7EF67}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{EFBFE5C8-DD66-4108-905B-35F22D0219E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{F2D9F610-5809-4948-B90C-5F0CE4FC0B60}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{F3335E79-18B7-40BF-BBE1-0C5BBAEA62C3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{F45DA851-699B-4FB9-B6D7-C208B03D1379}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FB0D2316-5992-4D84-9A63-D9BAE29260D3}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
    "TCP Query User{24B95080-20C0-49CF-95E9-7BD5D8BE94A3}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{263FB633-FAD4-40BA-86F1-3FF2EC663DA9}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
    "TCP Query User{5107B846-92FE-4A84-93CD-67BED3612131}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
    "TCP Query User{69CF35F1-71FB-4160-8051-39E1D7744F63}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{6E1E3D17-5559-4CCA-84A0-0C60013E0FB7}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
    "TCP Query User{71B4BBE0-CD77-410A-A6D4-FB9A5D1C114E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{73C6319F-DA78-42B9-8E4A-7D947064B506}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{777650E7-1DDC-4069-8CAA-6BB4C3188D47}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{A3304DBF-2D7A-447A-80A8-6C6F05EBBDC5}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{F0D8D0C2-4BC8-4F2A-9D72-27C6B30EEBD8}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
    "TCP Query User{F6A21F0D-F75F-46FB-8E7F-543AA3C1CF11}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
    "UDP Query User{47611234-2CD1-4144-9DD8-0DCA963A4952}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{49FD287A-594B-4D38-8ACF-72D8A131F50A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{85871C09-F927-45EB-9898-E6015B3A6DAC}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
    "UDP Query User{8BCFC60A-7DCE-4766-BC3D-1592213B6511}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
    "UDP Query User{96006BB2-C413-41A4-BC47-6F7415E4416B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{A4903D7D-FDBA-4AC0-948E-07B322B526A9}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
    "UDP Query User{B0102943-C4B9-47C4-86AF-4138FAE2F5E7}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
    "UDP Query User{B8F909B0-26F9-4A35-9275-051BF24081E1}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
    "UDP Query User{C217CCC2-45AA-41AA-83F9-09F3895AB151}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{CD7D7E6E-2A57-46D9-8E65-CFC9586105CD}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{D4CE2A37-33B7-4482-9AF8-B919404AFC89}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
    "{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
    "{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{343DBCC6-511C-46C7-B0B7-DD86F60843E5}" = Licensing Service Install
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6804F55C-8E8F-46B5-9DF7-428AF2D139D5}_is1" = Xiah
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}" = Rhythm Rascal
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}" = OLYMPUS Master 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
    "1888 Number to Word Converter_is1" = 1888 Number to Word Converter 1.0
    "Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "AIM_7" = AIM 7
    "AmazingMIDI" = AmazingMIDI
    "Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
    "Audacity_is1" = Audacity 1.2.6
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
    "BT Total Broadband 220V" = BTTotalBroadband220V
    "CD - DVD Publishing Service" = CD - DVD Publishing Service
    "Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
    "Collab" = Collab
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "coverXP" = coverXP (remove only)
    "Deadhunt (demo)_is1" = Deadhunt Demo
    "DesktopActivityRecorder" = Desktop Activity Recorder 2.6
    "Diablo II" = Diablo II
    "DVD Region Killer" = DVD Region Killer
    "Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "FL Studio 7" = FL Studio 7
    "Graboid Video" = Graboid Video 1.73
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "I Hate This Key_is1" = I Hate This Key Deluxe Edition 5.1
    "IL Download Manager" = IL Download Manager
    "ImgBurn" = ImgBurn
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "Kaspersky Online Scanner" = Kaspersky Online Scanner
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
    "Lambda ASIO driver" = Lexicon Lambda ASIO(remove only)
    "Live 7.0.3" = Live 7.0.3
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
    "MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.4 (remove only)
    "MbrolaTools35_is1" = Mbrola Tools 3.5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
    "Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "Platypus Free Trial_is1" = Platypus 1.13
    "PrintScreenDeluxe" = Print Screen Deluxe
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer
    "Reason_is1" = Reason 3.0
    "Registry Mechanic_is1" = Registry Mechanic 8.0
    "SearchIn1Step" = SearchInOneStep 1.0 build 172
    "SmartUndelete_is1" = SmartUndelete
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Spotify" = Spotify
    "Spyware Doctor" = Spyware Doctor 7.0
    "Switch" = Switch Sound File Converter
    "Synthesia" = Synthesia (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "ToneGen" = NCH Tone Generator
    "UltraISO_is1" = UltraISO Premium V9.32
    "UT2003" = Unreal Tournament 2003
    "Viper" = Viper 1.5.00
    "Viral Outbreak v1.00 Demo_is1" = Viral Outbreak v1.00 VSTi Demo
    "VLC media player" = VLC media player 1.0.1
    "WavePad" = WavePad Sound Editor
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YouTube FLV to AVI converter Pro_is1" = YouTube FLV to AVI converter Pro 2.1.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Diablo II" = Diablo II
    "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28/11/2011 08:18:13 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 28/11/2011 16:31:55 | Computer Name = Marcus-PC | Source = System Restore | ID = 8193
    Description =

    Error - 28/11/2011 17:41:29 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
    0x4de07b1b, faulting module Flash11c.ocx, version 11.0.1.152, time stamp 0x4e7d1782,
    exception code 0xc0000005, fault offset 0x005c79c6, process id 0x684, application
    start time 0x01ccae0cb9aa92d0.

    Error - 29/11/2011 09:03:14 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 29/11/2011 19:31:50 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
    0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
    exception code 0xc0000005, fault offset 0x000678d8, process id 0xca0, application
    start time 0x01ccae9950b58d63.

    Error - 30/11/2011 13:02:40 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 01/12/2011 12:08:30 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 01/12/2011 20:41:37 | Computer Name = Marcus-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
    0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
    exception code 0xc0000005, fault offset 0x002531a0, process id 0x2d4, application
    start time 0x01ccb046df38f460.

    Error - 02/12/2011 14:31:06 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 03/12/2011 15:41:07 | Computer Name = Marcus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    [ Media Center Events ]
    Error - 17/04/2008 07:57:23 | Computer Name = Marcus-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ OSession Events ]
    Error - 27/12/2008 19:10:57 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14170
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 15/08/2009 16:47:13 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36475
    seconds with 660 seconds of active time. This session ended with a crash.

    Error - 09/12/2009 20:34:35 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11609
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 19/02/2011 19:16:03 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21531
    seconds with 1740 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/12/2011 20:01:01 | Computer Name = Marcus-PC | Source = DCOM | ID = 10016
    Description =

    Error - 03/12/2011 15:40:49 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
    Description =

    Error - 03/12/2011 15:41:07 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 03/12/2011 15:51:35 | Computer Name = Marcus-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =


    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Before we proceed, did you knowingly install these programs? They fall somewhere in the grey area:

    ManyCam 2.4
    I Hate This Key
    Ask Toolbar
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Oct 2010
    Posts
    34

    Quote, originally posted by ken545:
    Before we proceed, did you knowingly install these programs? They fall somewhere in the grey area:

    ManyCam 2.4
    I Hate This Key
    Ask Toolbar

    I am not familiar with Ask Toolbar but the other 2 I did install.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Just want to give you a heads up on uTorrent. File Sharing is guaranteed to get you infected: you're downloading that file from an unknown source and most contain malware. You would be doing yourself a favor if you uninstalled it and stayed away from any kind of File Sharing.

    I also see a program called Clean My Registry. We do not recommend registry cleaners; they're really not needed, and removing the wrong entry or entries can make your system unbootable.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Last edited by ken545; 2011-12-05 at 03:15.
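
The fix in the post above clears a per-user `ProxyServer` value of `http=127.0.0.1:5577`, a setting that hands the browser's HTTP requests to whatever process listens on that local port. The Python below is an added example, not part of the original posts or of OTL: it scans OTL-style log lines for WinINet proxy values that point at a loopback address. The function names and the sample marked as constructed are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Matches OTL lines such as:
#   IE - HKU\<SID>\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
SETTING_RE = re.compile(
    r'^\s*IE - (?P<key>HK\w+\\.*?Internet Settings): '
    r'"(?P<name>Proxy\w+)" = (?P<value>.*?)\s*$'
)

class Finding(NamedTuple):
    key: str                 # registry key the value was read from
    scheme: str              # protocol the proxy applies to, '*' = all
    host: str
    port: Optional[int]
    enabled: Optional[bool]  # None when the log carries no ProxyEnable line

def parse_proxy_server(value):
    """Parse a WinINet ProxyServer string: either 'host:port' for every
    protocol or a list such as 'http=host:port;https=host:port'."""
    result = {}
    for part in re.split(r'[;\s]+', value.strip()):
        if not part:
            continue
        scheme, sep, endpoint = part.partition('=')
        if not sep:                       # no 'proto=' prefix: all protocols
            scheme, endpoint = '*', part
        endpoint = re.sub(r'^\w+://', '', endpoint)
        host, _, port = endpoint.rpartition(':')
        if not host or not port.isdigit():  # no port, or a bare IPv6 literal
            host, port = endpoint, ''
        result[scheme.lower()] = (host.strip('[]'), int(port) if port else None)
    return result

def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a hostname, not an IP literal
        return False

def audit(log_text):
    """Return one Finding per protocol whose proxy is a loopback address.
    A finding is a lead, not a verdict: local filtering software also
    registers loopback proxies, so the next step is to identify the
    process listening on the reported port."""
    settings = defaultdict(dict)
    for line in log_text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m['key']][m['name'].lower()] = m['value']
    findings = []
    for key, values in settings.items():
        enable = values.get('proxyenable')
        enabled = None if enable is None else enable.strip() == '1'
        proxies = parse_proxy_server(values.get('proxyserver', ''))
        for scheme, (host, port) in proxies.items():
            if is_loopback(host):
                findings.append(Finding(key, scheme, host, port, enabled))
    return findings

# The two Internet Settings lines targeted by the fix in the post above.
BEFORE_FIX = r'''
IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1589503311-819724082-689753091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
'''

# The Internet Settings line from the follow-up OTL log in this thread.
AFTER_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

# Constructed sample (not from the thread): per-protocol list, IPv6 loopback.
CONSTRUCTED = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.example:3128;https=[::1]:8443
'''

if __name__ == '__main__':
    for label, text in (('before fix', BEFORE_FIX), ('after fix', AFTER_FIX),
                        ('constructed', CONSTRUCTED)):
        print(label, audit(text))
```
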

  8. #8
    Member
    Join Date
    Oct 2010
    Posts
    34

    Hi, I got rid of Bit Torrent and the registry cleaner, here is the fix log:


    Files\Folders moved on Reboot...
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF2FFA.tmp not found!
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF3011.tmp not found!
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF306E.tmp not found!
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF3079.tmp not found!
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF30B4.tmp not found!
    File\Folder C:\Users\Marcus\AppData\Local\Temp\~DF30BF.tmp not found!
    C:\Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2D73JGTE\watch[10].htm moved successfully.
    C:\Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla5201.tmp not found!

    Registry entries deleted on Reboot...

    And the new OTL log:

    OTL logfile created on: 06/12/2011 20:14:59 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.59% Memory free
    4.23 Gb Paging File | 3.06 Gb Available in Paging File | 72.29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.20 Gb Total Space | 65.19 Gb Free Space | 22.46% Space Free | Partition Type: NTFS
    Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

    Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
    PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Marcus\AppData\Local\rasHelpUI\msnetCmds.dll ()
    MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
    MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
    MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
    MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
    MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
    MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
    MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
    SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
    SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
    SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
    SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
    SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
    DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
    DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
    DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
    FF - prefs.js..extensions.enabledItems: {1C530A94-FB03-4325-9678-3898A46EC5CF}:1.9.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/17 23:20:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Marcus\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF} [2010/05/25 14:28:46 | 000,000,000 | ---D | M]

    [2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
    [2011/12/06 20:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
    [2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/08 20:54:26 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2010/03/23 22:51:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/26 13:18:48 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2010/12/26 13:18:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\engine@conduit.com
    [2010/04/17 18:40:13 | 000,002,427 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\askcom.xml
    [2010/12/30 17:20:12 | 000,000,915 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\conduit.xml
    [2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\live-search.xml
    [2011/03/17 16:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
    [2011/04/16 21:35:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/05/25 14:28:46 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MARCUS\APPDATA\LOCAL\{1C530A94-FB03-4325-9678-3898A46EC5CF}
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
    [2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2011/12/06 19:26:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
    O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
    O4 - HKLM..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup File not found
    O4 - HKLM..\Run: [GSISETUP] E:\setup.exe File not found
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
    O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
    O4 - HKCU..\Run: [msnetCmds] C:\Users\Marcus\AppData\Local\rasHelpUI\msnetCmds.dll ()
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english...an_unicode.cab (CKAVWebScan Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{80f9a15f-6ce6-11e0-9680-806e6f6e6963}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd
    O33 - MountPoints2\{80f9a15f-6ce6-11e0-9680-806e6f6e6963}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/06 19:25:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/01 16:18:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marcus\Documents\dds.scr
    [2011/11/21 17:48:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Reason Guitars
    [2009/02/07 09:31:07 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Marcus\AppData\Roaming\REX Shared Library.dll
    [2008/05/12 19:16:10 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Marcus\AppData\Roaming\Rewire.dll
    [7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/06 20:17:51 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/06 20:17:51 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/06 20:10:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/06 20:10:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/06 20:10:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/06 20:10:21 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/06 19:26:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/12/01 16:29:59 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Google redirect problems. - Safer-Networking Forums.url
    [2011/12/01 16:18:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marcus\Documents\dds.scr
    [2011/11/26 14:37:04 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
    [2011/11/17 19:30:22 | 000,336,134 | ---- | M] () -- C:\Users\Marcus\Desktop\Anton_Shekhovtsov-Apoliteic_Music.pdf
    [2011/11/10 11:31:07 | 000,000,213 | ---- | M] () -- C:\Users\Marcus\Desktop\Steel butterfly knife Black for sale.url
    [7 C:\Users\Marcus\Documents\*.tmp files -> C:\Users\Marcus\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/01 16:29:58 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Google redirect problems. - Safer-Networking Forums.url
    [2011/11/21 20:55:16 | 000,002,249 | ---- | C] () -- C:\Users\Marcus\Desktop\Melas.mid
    [2011/11/17 19:30:15 | 000,336,134 | ---- | C] () -- C:\Users\Marcus\Desktop\Anton_Shekhovtsov-Apoliteic_Music.pdf
    [2011/11/10 11:31:07 | 000,000,213 | ---- | C] () -- C:\Users\Marcus\Desktop\Steel butterfly knife Black for sale.url
    [2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
    [2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
    [2010/05/31 16:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/05/31 16:07:50 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
    [2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
    [2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
    [2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
    [2010/03/26 17:56:17 | 000,696,832 | ---- | C] () -- C:\Windows\is-6C4JA.exe
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
    [2010/02/28 18:23:49 | 000,005,612 | ---- | C] () -- C:\Windows\unpsd.ini
    [2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
    [2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/10/05 14:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
    [2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/27 08:17:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/08/27 08:17:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/11 18:48:30 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\2C830C097D.dll
    [2008/06/08 15:01:48 | 000,016,925 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2008/05/15 17:17:38 | 000,000,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/05/13 18:27:09 | 000,000,586 | -HS- | C] () -- C:\Windows\System32\edgtdhiy.ini
    [2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
    [2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
    [2008/02/14 19:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2007/12/14 19:42:21 | 000,002,962 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2007/12/01 00:51:26 | 000,000,316 | ---- | C] () -- C:\Windows\Sampler.INI
    [2007/12/01 00:51:26 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
    [2007/12/01 00:51:25 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI
    [2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2007/10/15 21:43:56 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
    [2007/09/27 20:14:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2007/09/27 20:14:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2007/09/27 20:14:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2007/09/27 20:14:38 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2007/09/27 20:14:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2007/09/27 20:14:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2007/09/27 20:14:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2007/09/27 20:14:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2007/09/27 20:14:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2007/09/27 20:14:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2007/09/27 20:14:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2007/09/27 20:14:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2007/09/27 20:14:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2007/09/27 20:14:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2007/09/27 20:14:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2007/09/27 20:07:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
    [2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
    [2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
    [2007/09/06 19:05:09 | 000,000,245 | ---- | C] () -- C:\Windows\musicmaker.INI
    [2007/09/06 19:01:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007/09/06 19:01:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
    [2007/09/06 18:59:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
    [2007/09/06 18:59:55 | 000,000,999 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2007/08/27 12:22:59 | 000,050,176 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/26 22:06:31 | 000,000,496 | ---- | C] () -- C:\Windows\eReg.dat
    [2007/08/24 22:00:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2007/08/24 22:00:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2007/08/24 22:00:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2007/08/24 20:40:30 | 000,160,951 | ---- | C] () -- C:\Windows\System32\drivers\gtipdsp_.bin
    [2007/06/27 22:35:35 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/06/27 22:20:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2007/06/27 22:17:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
    [2007/06/27 22:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
    [2007/03/06 08:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007/01/12 14:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2007/01/12 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:47:37 | 000,436,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/06/23 17:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2004/03/02 06:37:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2004/03/02 06:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2004/01/22 18:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [1998/09/15 08:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll
    [1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

    ========== Files - Unicode (All) ==========
    [2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
    [2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    How are the redirects?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member
    Join Date
    Oct 2010
    Posts
    34

    I haven't had a redirect all day so things are looking good.
