cannot install or use safe mode & blocked from security sites

**Baydon** · 2012-06-12, 13:04

Hello,

I'm a new member so sorry if I ask silly questions.

I recently bought bitdefender, uninstalled anitvirus software to install it and found I could not.. then found I could not access some sites I tried when looking for a solution like bleeping computer. I was surprised I had access to this one! I have run malwarebytes(had to change the file name to install!), superanitspyware, trojan remover and rkill in an attempt to move this virus but no luck. From reading your faq I see I may have done more damage

I have downloaded and installed erunt but cannot get DDS Log as it comes from bleeping computer...

Hope you can help me.

Kind regards
Karl

**maxi** · 2012-06-13, 17:42

Welcome to Safer Networking. I am maxi, and I will be helping you out with your malware problems.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

Please observe and follow these Forum Rules.
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly

Note:
As I am currently still in training, everything that I post to you must be first checked by my teacher. This may add a tiny delay between replies so please be patient

I need more information before I begin assisting you:
What version of Windows are you using ? Is it 32 or 64 bit ?
Did you manage to back up your registry with Erunt ?
If you are running Teatimer, Have you disabled it ?

Regards maxi

**Baydon** · 2012-06-14, 14:14

Hi!

Thanks for reply, I have no problem following your instructions.

I have windows XP 32bit

I have backed up my reg with Erunt

I don't have Teatimer(whats that?)

I am going to download DSS log on another comp and use a flash pen to move it to this one if you are ok with that?

Regards
Karl

**maxi** · 2012-06-14, 15:04

Hi Baydon,

I am going to download DSS log on another comp and use a flash pen to move it to this one if you are ok with that?

Maybe just hold off on that while I confer with my teacher. Good idea though

I'll be back as soon as I can.

Regards maxi

**maxi** · 2012-06-14, 17:25

Hi Baydon,

You can try to download these tools on the infected computer but If your having trouble you can use the other computer and the pen drive. (Just remember to save the programs to your Desktop)

Step 1
Back up your registry again using Erunt.

Step 2
Please download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Step 3
Please download aswMBR and save it to your Desktop.

Double click aswMBR.exe to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR(master boot record), do not delete it..
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.

In your next reply please include:
Both logs created by OTL.
The log created by aswMBR.
Any problems you had with my instructions.

Regards maxi

**Baydon** · 2012-06-15, 17:45

Hi,

I will post all the logs tomorrow due to work commitments.

I really appreciate all your help so far.

Regards
Karl

**maxi** · 2012-06-16, 13:58

No problem

**Baydon** · 2012-06-17, 12:34

Hi,

OTL logs...

OTL logfile created on: 17/06/2012 10:23:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.58% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 77.33 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 45.23 Gb Free Space | 46.31% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/21 21:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/27 10:05:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) -- F:\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/25 18:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- E:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/17 10:02:36 | 000,065,024 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/17 10:02:36 | 000,052,736 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/09 00:50:35 | 000,117,760 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/09 00:50:35 | 000,052,224 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/27 10:05:00 | 001,952,696 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/10 05:10:00 | 001,568,576 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2011/12/02 13:24:04 | 008,527,008 | ---- | M] () -- E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 22:10:36 | 000,096,112 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2009/01/15 09:19:00 | 000,466,944 | ---- | M] () -- E:\WINDOWS\system32\nvshell.dll
MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 23:14:06 | 000,023,552 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/27 10:05:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- E:\DOCUME~1\karl\LOCALS~1\Temp\glwsanaj.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\avckf.sys -- (avckf)
DRV - File not found [File_System | Unavailable | Unknown] -- system32\DRIVERS\avc3.sys -- (avc3)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/06/09 01:40:19 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/06 11:29:46 | 000,238,664 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/02/14 02:04:48 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010/05/12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/23 13:05:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/26 23:59:33 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/01/18 15:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2007/08/07 10:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/13 16:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2005/08/10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003/02/12 12:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 11:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/06 00:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor)
DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.1
FF - prefs.js..extensions.enabledItems: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}:1.6.0
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.0.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/04/27 10:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/11/26 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: E:\Program Files\PriceGong\2.1.0\FF

[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions
[2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/05/06 09:48:19 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions
[2010/07/18 22:08:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/28 20:55:10 | 000,000,000 | ---D | M] (Orbit Yellow 2006) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{71073f20-deb8-11da-95c9-00e08161165f}
[2008/08/27 23:01:25 | 000,000,000 | ---D | M] (Abstract Zune) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2010/06/26 23:03:06 | 000,000,000 | ---D | M] (MozXP) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}
[2009/01/22 17:16:35 | 000,000,000 | ---D | M] ("Forecastfox l10n") -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
[2009/02/07 12:55:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/06/26 23:07:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/10 12:46:14 | 000,000,000 | ---D | M] (British English Dictionary) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/10/27 22:35:40 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\facepad@lazyrussian.com
[2010/09/02 22:19:58 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2012/03/20 00:02:28 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/11/24 15:34:06 | 000,042,737 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2011/05/10 12:46:14 | 000,060,249 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
[2012/02/19 22:48:23 | 000,246,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/02/28 16:09:44 | 000,094,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012/04/27 10:05:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/10 23:36:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/27 10:04:58 | 000,001,525 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/27 10:04:58 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/27 10:04:58 | 000,000,935 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/27 10:04:58 | 000,001,166 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/27 10:04:58 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/27 10:04:58 | 000,001,121 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/02/12 16:56:59 | 000,000,698 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Lycosa] E:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Philips Device Listener] E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] E:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [Akamai NetSession Interface] E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [HP Photosmart 5510 series (NET)] E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = E:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1204058397140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CE5140-596A-45AF-8805-CA7DF2FA4B8D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{bb9b3fdc-1123-11e0-8252-000ee75003aa}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell - "" = AutoRun
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 07:39:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/15 07:38:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Desktop\15-06-2012
[2012/06/12 11:33:19 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/09 10:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/09 10:09:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Simply Super Software
[2012/06/09 10:08:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2012/06/09 10:08:29 | 000,598,528 | ---- | C] (Igor Pavlov) -- E:\WINDOWS\System32\ztv7z.dll
[2012/06/09 10:08:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ztvcabinet.dll
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Program Files\Trojan Remover
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Simply Super Software
[2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/06/09 00:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2012/06/08 23:55:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012/06/08 23:55:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 00:06:38 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/06/07 02:08:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/06/07 02:07:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Bitdefender
[2012/06/07 01:12:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/06/07 00:40:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/07 00:01:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\QuickScan
[2012/06/06 23:33:34 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\SWF Studio
[2012/06/05 09:43:00 | 000,000,000 | ---D | C] -- E:\Program Files\Dropbox
[2012/06/05 00:21:38 | 000,000,000 | -HSD | C] -- E:\Diskeeper
[2012/06/03 00:02:07 | 000,038,608 | ---- | C] (Diskeeper Corporation) -- E:\WINDOWS\System32\drivers\DKRtWrt.sys
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Diskeeper Corporation
[2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Corporation
[2012/06/03 00:02:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2012/06/03 00:01:59 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Home Server
[2012/05/25 09:53:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Warzone 2100 2.3
[2012/05/25 09:51:56 | 000,444,952 | ---- | C] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:56 | 000,000,000 | ---D | C] -- E:\Program Files\OpenAL
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 10:03:00 | 000,444,506 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2012/06/17 10:03:00 | 000,072,914 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2012/06/17 10:01:00 | 000,000,330 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/06/17 09:55:58 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012/06/17 09:55:56 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
[2012/06/12 11:33:03 | 000,000,767 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/09 01:40:19 | 000,032,072 | ---- | M] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/09 01:04:10 | 001,012,656 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:28:57 | 000,143,254 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:56:38 | 000,057,606 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:56:38 | 000,023,744 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:56:38 | 000,008,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:56:38 | 000,001,766 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | M] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:54:10 | 000,024,578 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:54:10 | 000,017,885 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:54:10 | 000,007,727 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:54:10 | 000,005,399 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/06 23:26:01 | 000,000,121 | ---- | M] () -- E:\WINDOWS\bdagent.INI
[2012/06/06 06:19:57 | 000,081,984 | ---- | M] () -- E:\WINDOWS\System32\bdod.bin
[2012/06/05 09:43:05 | 000,001,021 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/05 09:42:53 | 000,001,003 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\Dropbox.lnk
[2012/06/04 23:18:15 | 000,001,355 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012/06/02 19:30:37 | 000,093,696 | ---- | M] () -- E:\Documents and Settings\karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/25 09:51:56 | 000,444,952 | ---- | M] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2012/05/25 09:51:56 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2012/05/25 09:51:55 | 000,000,605 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:40 | 000,000,032 | ---- | M] () -- E:\WINDOWS\CD_Start.INI
[2012/05/24 08:56:54 | 000,212,880 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/12 14:55:52 | 000,002,185 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Stop StartupMonitor.lnk
[2012/06/12 11:33:03 | 000,000,767 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/12 11:32:13 | 000,000,611 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
[2012/06/12 11:32:13 | 000,000,592 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
[2012/06/12 11:18:49 | 000,001,687 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/06/12 11:18:49 | 000,001,657 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
[2012/06/12 11:18:49 | 000,001,021 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/09 10:08:29 | 000,178,176 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar39.dll
[2012/06/09 10:08:29 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar36.dll
[2012/06/09 10:08:29 | 000,153,088 | ---- | C] () -- E:\WINDOWS\System32\UNRAR3.dll
[2012/06/09 10:08:29 | 000,077,312 | ---- | C] () -- E:\WINDOWS\System32\ztvunace26.dll
[2012/06/09 10:08:29 | 000,075,264 | ---- | C] () -- E:\WINDOWS\System32\unacev2.dll
[2012/06/09 01:35:17 | 001,012,656 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\r.exe
[2012/06/09 00:49:53 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/08 23:57:03 | 000,032,072 | ---- | C] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/08 23:28:57 | 000,143,254 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
[2012/06/08 17:19:14 | 000,107,095 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
[2012/06/08 16:54:06 | 000,100,834 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
[2012/06/08 16:37:33 | 000,022,015 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
[2012/06/08 16:37:33 | 000,001,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
[2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
[2012/06/08 16:37:33 | 000,000,420 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
[2012/06/08 16:35:26 | 000,131,292 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
[2012/06/08 16:29:36 | 000,012,992 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
[2012/06/08 16:28:53 | 000,087,090 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
[2012/06/07 03:01:05 | 000,088,855 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
[2012/06/07 02:36:32 | 000,057,606 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
[2012/06/07 02:36:31 | 000,008,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
[2012/06/07 02:36:31 | 000,001,766 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
[2012/06/07 02:36:30 | 000,023,744 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
[2012/06/07 02:36:30 | 000,019,985 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
[2012/06/07 02:24:05 | 000,000,385 | ---- | C] () -- E:\WINDOWS\System32\user_gensett.xml
[2012/06/07 02:10:00 | 000,218,230 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
[2012/06/07 02:00:31 | 000,012,993 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
[2012/06/07 02:00:17 | 000,427,125 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
[2012/06/07 01:21:30 | 000,017,885 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
[2012/06/07 01:21:28 | 000,007,727 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
[2012/06/07 01:21:27 | 000,024,578 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
[2012/06/07 01:21:27 | 000,019,990 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
[2012/06/07 01:21:27 | 000,005,399 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
[2012/06/07 01:14:00 | 000,153,328 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
[2012/06/07 01:10:48 | 000,019,984 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
[2012/06/07 00:37:32 | 000,285,498 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
[2012/06/07 00:05:27 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/07 00:05:26 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/05/25 09:51:55 | 000,000,605 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
[2012/05/25 09:49:39 | 000,000,032 | ---- | C] () -- E:\WINDOWS\CD_Start.INI
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/24 16:48:10 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
[2012/02/24 16:47:46 | 002,783,770 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
[2012/02/17 00:41:36 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2012/01/27 15:35:21 | 000,000,057 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/05/11 19:18:44 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
[2011/05/11 19:18:44 | 000,002,413 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini
[2011/05/08 21:53:13 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2010/10/11 23:17:21 | 000,000,760 | ---- | C] () -- E:\Documents and Settings\karl\Application Data\setup_ldm.iss

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

and.......

**Baydon** · 2012-06-17, 12:36

OTL Extras logfile created on: 17/06/2012 10:23:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.58% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 77.33 Gb Free Space | 21.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 45.23 Gb Free Space | 46.31% Space Free | Partition Type: NTFS

Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58116:TCP" = 58116:TCP:*:Enabled:Pando Media Booster
"58116:UDP" = 58116:UDP:*:Enabled:Pando Media Booster
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58116:TCP" = 58116:TCP:*:Enabled:Pando Media Booster
"58116:UDP" = 58116:UDP:*:Enabled:Pando Media Booster
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster
"1109:TCP" = 1109:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Games\Chaos Gate\WH40K.exe" = E:\Program Files\Games\Chaos Gate\WH40K.exe:*:Disabled:WH40K
"E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program Files\Ventrilo\Ventrilo.exe" = E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"E:\Program Files\Games\neverwinter nights 2\nwn2main.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"E:\Program Files\Games\neverwinter nights 2\nwupdate.exe" = E:\Program Files\Games\neverwinter nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"E:\Program Files\Games\neverwinter nights 2\nwn2server.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"H:\AnarchyOnline_18.1.1-Small.exe" = H:\AnarchyOnline_18.1.1-Small.exe:*:Enabled:Anarchy Online
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe" = E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
"E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe" = E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe:*:Enabled:Star Trek Online -- ()
"E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe" = E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe:*:Enabled:Magic: The Gathering â€“ Tactics -- ()
"E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe" = E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe:*:Enabled:Legend of Grimrock -- ()
"E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"E:\WINDOWS\system32\mmc.exe" = E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F8BF571-2F67-4D9C-A844-F5B202A7357F}" = Diskeeper 2011 Professional
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFF408-F4FB-4F71-B9A3-C6A1096802BF}" = HP Photosmart 5510 series Basic Device Software
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™ v03.02.04.8010
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"7-Zip" = 7-Zip 4.65
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anarchy Online_is1" = Anarchy Online
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Full Pack" = Full Pack Codecs
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HarvEX" = HarvEX
"Hero Lab V3.6e" = Hero Lab V3.6e
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = Ahead InCD
"Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
"Legend of Grimrock" = Legend of Grimrock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PDFCanvas V1.5" = PDFCanvas V1.5
"Philips Songbird" = Philips Songbird
"PunkBusterSvc" = PunkBuster Services
"Race for the Galaxy_is1" = Race for the Galaxy 0.6.1
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ST Movie Computer.scr" = ST Movie Computer ScreenSaver
"ST6UNST #1" = Full Thrust Ship Creator
"ST6UNST #2" = Full Thrust Ship Creator (h:\Full Thrust\Ship Creator\)
"Steam App 1250" = Killing Floor
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 207170" = Legend of Grimrock
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 9900" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.3
"U212 Media Kit" = U212 Media Kit
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Warhammer 40,000: Chaos Gate" = Warhammer 40,000: Chaos Gate
"Warzone 2100" = Warzone 2100
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 05/06/2012 14:17:36 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
Description = Faulting application left4dead2.exe, version 0.0.0.0, faulting module
studiorender.dll, version 0.0.0.0, fault address 0x0000c7f3.

Error - 06/06/2012 19:03:31 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: Bitdefender Total Security 2012 -- Error 1704. An installation
for BitDefender GameSafe is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 06/06/2012 20:12:26 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11404
Description = Product: BitDefender GameSafe -- Error 1404. Could not delete key
\SYSTEM\CurrentControlSet\Services\bdfsfltr. System error . Verify that you have
sufficient access to that key, or contact your support personnel.

Error - 06/06/2012 21:05:49 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
Description = Product: BitDefender GameSafe -- Error 1704. An installation for Bitdefender
Total Security 2012 is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 14/06/2012 11:09:55 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 15/06/2012 02:34:44 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%230

Error - 15/06/2012 02:34:47 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 15/06/2012 11:32:14 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%230

Error - 15/06/2012 11:32:14 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 16/06/2012 04:24:31 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MBAMService service to
connect.

Error - 16/06/2012 04:24:31 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%1053

Error - 16/06/2012 04:24:34 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 04:56:11 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BDVEDISK

Error - 17/06/2012 05:01:57 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

< End of report >

I could not download aswMBR on this comp so I downloaded on my wifes laptop and ported it over on a flash drive, installed it but it did not download the Avast! program...

a line appeared saying "AVAST engine download error: 0"

I ran the scan option anyway nad here is the log...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 11:12:50
-----------------------------
11:12:50.390 OS Version: Windows 5.1.2600 Service Pack 3
11:12:50.390 Number of processors: 2 586 0xF0B
11:12:50.390 ComputerName: CATACOMB UserName: karl
11:12:51.218 Initialize success
11:12:54.156 AVAST engine download error: 0
11:28:42.890 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:28:42.890 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476938MB BusType: 3
11:28:42.890 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:28:42.890 Disk 1 Vendor: WDC_WD2000JD-00HBB0 08.02D08 Size: 190782MB BusType: 3
11:28:42.906 Disk 1 MBR read successfully
11:28:42.906 Disk 1 MBR scan
11:28:42.906 Disk 1 Windows XP default MBR code
11:28:42.906 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190740 MB offset 63
11:28:42.906 Disk 1 scanning sectors +390636540
11:28:42.968 Disk 1 scanning E:\WINDOWS\system32\drivers
11:28:48.562 Service scanning
11:28:55.062 Service sptd E:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:28:56.828 Modules scanning
11:29:16.593 Disk 1 trace - called modules:
11:29:16.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spvs.sys >>UNKNOWN [0x8a9c3938]<<
11:29:16.593 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a980ab8]
11:29:16.593 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a960f18]
11:29:16.593 5 ACPI.sys[b7e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a908d98]
11:29:16.593 \Driver\atapi[0x8a964030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb80c98b4]
11:29:16.593 Scan finished successfully
11:32:37.046 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\karl\Desktop\MBR.dat"
11:32:37.046 The log file has been saved successfully to "E:\Documents and Settings\karl\Desktop\aswMBR.log"

Kind regards
Karl

**Baydon** · 2012-06-17, 12:40

Sorry but I cannot post the other item as when I click on it the msg "unexpected file format" appears..

Regards
Karl

Thread: cannot install or use safe mode & blocked from security sites

Thread Tools

Display

cannot install or use safe mode & blocked from security sites

Tags for this Thread

Posting Permissions