Thread: cannot install or use safe mode & blocked from security sites

  1. #11
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Hi Baydon,

    This is fairly messy and we have a lot to do. More than likely your problems have been caused by P2P filesharing. I am going to ask you to remove the P2P program before we begin and also I will give you some information on some of the other programs you have installed.

    Remove P2P Programs

    • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent
    • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
    • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    • Click on Start > All programs > Accessories > Run.
    • In the open text box copy/paste appwiz.cpl then click OK.
    • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
    • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.



    Pando Media Booster
    This program uses bits and pieces of files from different people when it puts together a download.
    This amounts to file sharing, and may not be totally safe. The program itself is OK, but it's the sharing that is better avoided. I would recommend you remove it from your computer.



    PunkBuster warning

    I noticed you have PunkBuster installed... read the "Published features" section.
    PunkBuster can take control over various aspects of your computer and some gaming tools not unlike PunkBuster, also hinder their removals.
    By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
    1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
    2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that we do consider it spyware.
    3. We can not clean this computer at all. This ensures PunkBuster will continue to function.

    If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

    Uninstall PunkBuster
    Using the normal uninstall methods... Control Panel - Add/Remove Programs (XP) or Programs and Features (Vista - W7)
    Uninstall PunkBuster
    PunkBuster Services
    Any other Punk Buster entries...


    If there are any remnants left... you can use the Punk Buster Uninstall process:
    Please download PBSVC Setup Program. Save it to your desktop.
    1. Double click on pbsvc.exe to start it... then click Uninstall.
      Vista/W7 users: right-click on pbsvc.exe, then select "Run As Administrator". If UAC prompts, please allow it.
      Once that's finished...
    2. Click Start > Run and copy and paste the following into the open text box:
      Code:
      cmd /c for %i in (A B K) do sc delete PnkBstr%i
    3. Click OK. A black box will flash very briefly, this is normal.
    4. Double click My Computer on your desktop and browse to C:\windows\system32\drivers
    5. Locate the file: PnkBstrK.sys... if found delete it.

    Let me know if you performed these steps successfully.


    Please run a new scan with OTL when you have done the above.

    Regards maxi
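
Added example (not part of maxi's post and not PunkBuster's own tooling): a batch file that checks whether the uninstall steps above actually removed the three PnkBstr services and the PnkBstrK.sys driver. It assumes the service names from step 2 and uses %SystemRoot% instead of a fixed C:\windows path, since the OTL log later in this thread reports %SystemRoot% = E:\WINDOWS; the variable names LEFT and DRIVER are made up for the example.

```batch
@echo off
rem Verify the PunkBuster cleanup: services PnkBstrA/B/K and the kernel driver file.
rem In a batch file the loop variable is written %%i; the single %i form in the
rem post is correct only when the command is typed into Start > Run or a prompt.
setlocal EnableDelayedExpansion
set LEFT=0

for %%i in (A B K) do (
    rem sc exits with Win32 error 1060 when the named service does not exist.
    sc query PnkBstr%%i >nul 2>&1
    if !errorlevel! EQU 1060 (
        echo PnkBstr%%i: not installed
    ) else (
        rem Any other exit code means the service entry is still registered,
        rem including one that is only marked for deletion until handles close.
        echo PnkBstr%%i: STILL REGISTERED
        set /a LEFT+=1
    )
)

rem The driver lives under the real Windows directory, whatever drive that is.
set "DRIVER=%SystemRoot%\system32\drivers\PnkBstrK.sys"
if exist "%DRIVER%" (
    echo PnkBstrK.sys: STILL PRESENT
    set /a LEFT+=1
) else (
    echo PnkBstrK.sys: not found
)

if %LEFT% EQU 0 echo Result: no PunkBuster service or driver remnants found.
if %LEFT% NEQ 0 echo Result: remnants left: %LEFT%

rem Exit code is the number of remnants, so 0 means clean.
endlocal & exit /b %LEFT%
```

Save it with a .cmd extension and run it from a command prompt as an administrator; an exit code of 0 means nothing from steps 2 to 5 is left behind.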

  2. #12
    Junior Member
    Join Date
    Jun 2012
    Posts
    19

    here are the new logs.


    OTL logfile created on: 19/06/2012 12:01:16 - Run 2
    OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.79% Memory free
    3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.63% Paging File free
    Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
    Drive E: | 368.10 Gb Total Space | 138.11 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 27.77 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

    Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
    PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/21 21:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/04/27 10:05:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) -- F:\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/05/25 18:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
    PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint II\SetPointII.exe
    PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
    PRC - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
    PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- E:\Program Files\Razer\Lycosa\razerhid.exe
    PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
    PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/19 11:50:29 | 000,065,024 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/06/19 11:50:29 | 000,052,736 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/06/09 00:50:35 | 000,117,760 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/06/09 00:50:35 | 000,052,224 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/04/27 10:05:00 | 001,952,696 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/10 05:10:00 | 001,568,576 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2011/03/21 22:10:36 | 000,096,112 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- E:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/11/20 03:23:30 | 000,380,416 | ---- | M] () -- E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    MOD - [2009/01/15 09:19:00 | 000,466,944 | ---- | M] () -- E:\WINDOWS\system32\nvshell.dll
    MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
    MOD - [2009/01/10 23:14:06 | 000,023,552 | ---- | M] () -- E:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
    MOD - [2008/01/07 14:28:02 | 000,143,360 | ---- | M] () -- E:\Program Files\Razer\Lycosa\razertra.exe
    MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- E:\WINDOWS\StartupMonitor.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/04/27 10:05:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/04 17:15:34 | 002,163,024 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/12/10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\glwsanaj.sys -- (Micorsoft Windows Service)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
    DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\avckf.sys -- (avckf)
    DRV - File not found [File_System | Unavailable | Unknown] -- system32\DRIVERS\avc3.sys -- (avc3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\karl\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - [2012/06/09 01:40:19 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/06 11:29:46 | 000,238,664 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
    DRV - [2011/02/14 02:04:48 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV - [2010/05/12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
    DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
    DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
    DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
    DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/05/20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/07/23 13:05:48 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/02/26 23:59:33 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2008/01/18 15:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
    DRV - [2007/08/07 10:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/06/13 16:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2005/08/10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2003/02/12 12:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
    DRV - [2002/10/08 11:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
    DRV - [2002/06/06 00:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor)
    DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
    DRV - [2001/08/17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
    FF - prefs.js..extensions.enabledItems: {B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001
    FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
    FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.1
    FF - prefs.js..extensions.enabledItems: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}:1.6.0
    FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.0.0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/04/27 10:05:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/11/26 18:40:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: E:\Program Files\PriceGong\2.1.0\FF

    [2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions
    [2010/12/26 20:14:34 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2012/05/06 09:48:19 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions
    [2010/07/18 22:08:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/02/28 20:55:10 | 000,000,000 | ---D | M] (Orbit Yellow 2006) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{71073f20-deb8-11da-95c9-00e08161165f}
    [2008/08/27 23:01:25 | 000,000,000 | ---D | M] (Abstract Zune) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
    [2010/06/26 23:03:06 | 000,000,000 | ---D | M] (MozXP) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1}
    [2009/01/22 17:16:35 | 000,000,000 | ---D | M] ("Forecastfox l10n") -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
    [2009/02/07 12:55:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    [2010/06/26 23:07:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/05/10 12:46:14 | 000,000,000 | ---D | M] (British English Dictionary) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/10/27 22:35:40 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\facepad@lazyrussian.com
    [2010/09/02 22:19:58 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- E:\Documents and Settings\karl\Application Data\Mozilla\Firefox\Profiles\wydcaq31.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
    [2012/03/20 00:02:28 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
    [2011/11/24 15:34:06 | 000,042,737 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
    [2011/05/10 12:46:14 | 000,060,249 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
    [2012/02/19 22:48:23 | 000,246,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
    [2012/02/28 16:09:44 | 000,094,025 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\KARL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYDCAQ31.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
    [2012/04/27 10:05:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/10 23:36:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/27 10:04:58 | 000,001,525 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/04/27 10:04:58 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/27 10:04:58 | 000,000,935 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/27 10:04:58 | 000,001,166 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/27 10:04:58 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/27 10:04:58 | 000,001,121 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/02/12 16:56:59 | 000,000,698 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] E:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Lycosa] E:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [Philips Device Listener] E:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    O4 - HKLM..\Run: [Run StartupMonitor] E:\WINDOWS\StartupMonitor.exe ()
    O4 - HKLM..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
    O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [Akamai NetSession Interface] E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [HP Photosmart 5510 series (NET)] E:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
    O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = E:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
    O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1204058397140 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CE5140-596A-45AF-8805-CA7DF2FA4B8D}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: E:\Documents and Settings\karl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell - "" = AutoRun
    O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{01622bc4-7bf4-11e0-837d-000ee75003aa}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
    O33 - MountPoints2\{bb9b3fdc-1123-11e0-8252-000ee75003aa}\Shell\AutoRun\command - "" = J:\setup.exe
    O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ee80ddc4-6a03-11de-bf39-000ee75003aa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/17 10:49:53 | 004,731,392 | ---- | C] (AVAST Software) -- E:\Documents and Settings\karl\Desktop\aswMBR.exe
    [2012/06/15 07:39:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
    [2012/06/15 07:38:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Desktop\15-06-2012
    [2012/06/12 11:33:19 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
    [2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Program Files\ERUNT
    [2012/06/12 11:32:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/06/09 10:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\TEMP
    [2012/06/09 10:09:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Simply Super Software
    [2012/06/09 10:08:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2012/06/09 10:08:29 | 000,598,528 | ---- | C] (Igor Pavlov) -- E:\WINDOWS\System32\ztv7z.dll
    [2012/06/09 10:08:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ztvcabinet.dll
    [2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Program Files\Trojan Remover
    [2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Simply Super Software
    [2012/06/09 10:08:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2012/06/09 00:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\SUPERAntiSpyware.com
    [2012/06/09 00:49:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/06/09 00:49:50 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
    [2012/06/08 23:55:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
    [2012/06/08 23:55:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/08 00:06:38 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/07 02:08:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Bitdefender
    [2012/06/07 02:07:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\Bitdefender
    [2012/06/07 01:12:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
    [2012/06/07 00:40:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\BDLogging
    [2012/06/07 00:01:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\Application Data\QuickScan
    [2012/06/06 23:33:34 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\SWF Studio
    [2012/06/05 09:43:00 | 000,000,000 | ---D | C] -- E:\Program Files\Dropbox
    [2012/06/05 00:21:38 | 000,000,000 | -HSD | C] -- E:\Diskeeper
    [2012/06/03 00:02:07 | 000,038,608 | ---- | C] (Diskeeper Corporation) -- E:\WINDOWS\System32\drivers\DKRtWrt.sys
    [2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Diskeeper Corporation
    [2012/06/03 00:02:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Corporation
    [2012/06/03 00:02:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2012/06/03 00:01:59 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Home Server
    [2012/05/25 09:53:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\karl\My Documents\Warzone 2100 2.3
    [2012/05/25 09:51:56 | 000,444,952 | ---- | C] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
    [2012/05/25 09:51:56 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
    [2012/05/25 09:51:56 | 000,000,000 | ---D | C] -- E:\Program Files\OpenAL
    [696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
    [18 E:\WINDOWS\Fonts\*.tmp files -> E:\WINDOWS\Fonts\*.tmp -> ]
    [15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/19 12:01:00 | 000,000,330 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
    [2012/06/19 11:54:06 | 000,444,506 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
    [2012/06/19 11:54:06 | 000,072,914 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
    [2012/06/19 11:49:44 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
    [2012/06/19 10:17:38 | 000,095,232 | ---- | M] () -- E:\Documents and Settings\karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/19 10:07:09 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
    [2012/06/17 11:32:37 | 000,000,512 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\MBR.dat
    [2012/06/17 10:50:48 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\karl\Desktop\aswMBR.exe
    [2012/06/15 07:39:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\karl\Desktop\OTL.exe
    [2012/06/12 11:33:03 | 000,000,767 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/06/12 11:32:13 | 000,000,611 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
    [2012/06/12 11:32:13 | 000,000,592 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
    [2012/06/09 01:40:19 | 000,032,072 | ---- | M] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/06/09 01:04:10 | 001,012,656 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\r.exe
    [2012/06/09 00:49:53 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/08 23:28:57 | 000,143,254 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
    [2012/06/08 17:19:14 | 000,107,095 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
    [2012/06/08 16:54:06 | 000,100,834 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
    [2012/06/08 16:37:33 | 000,022,015 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
    [2012/06/08 16:37:33 | 000,001,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
    [2012/06/08 16:37:33 | 000,000,420 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
    [2012/06/08 16:35:26 | 000,131,292 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
    [2012/06/08 16:29:36 | 000,012,992 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
    [2012/06/08 16:28:53 | 000,087,090 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
    [2012/06/07 03:01:05 | 000,088,855 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
    [2012/06/07 02:56:38 | 000,057,606 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
    [2012/06/07 02:56:38 | 000,023,744 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
    [2012/06/07 02:56:38 | 000,008,392 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
    [2012/06/07 02:56:38 | 000,001,766 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
    [2012/06/07 02:36:30 | 000,019,985 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
    [2012/06/07 02:24:05 | 000,000,385 | ---- | M] () -- E:\WINDOWS\System32\user_gensett.xml
    [2012/06/07 02:10:00 | 000,218,230 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
    [2012/06/07 02:00:31 | 000,012,993 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
    [2012/06/07 02:00:17 | 000,427,125 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
    [2012/06/07 01:54:10 | 000,024,578 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
    [2012/06/07 01:54:10 | 000,017,885 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
    [2012/06/07 01:54:10 | 000,007,727 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
    [2012/06/07 01:54:10 | 000,005,399 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
    [2012/06/07 01:21:27 | 000,019,990 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
    [2012/06/07 01:14:00 | 000,153,328 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
    [2012/06/07 01:10:48 | 000,019,984 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
    [2012/06/07 00:37:32 | 000,285,498 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
    [2012/06/07 00:05:27 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/07 00:05:26 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/06/06 23:26:01 | 000,000,121 | ---- | M] () -- E:\WINDOWS\bdagent.INI
    [2012/06/06 06:19:57 | 000,081,984 | ---- | M] () -- E:\WINDOWS\System32\bdod.bin
    [2012/06/05 09:43:05 | 000,001,021 | ---- | M] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/05 09:42:53 | 000,001,003 | ---- | M] () -- E:\Documents and Settings\karl\Desktop\Dropbox.lnk
    [2012/06/04 23:18:15 | 000,001,355 | ---- | M] () -- E:\WINDOWS\imsins.BAK
    [2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/25 09:51:56 | 000,444,952 | ---- | M] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
    [2012/05/25 09:51:56 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
    [2012/05/25 09:51:55 | 000,000,605 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
    [2012/05/25 09:49:40 | 000,000,032 | ---- | M] () -- E:\WINDOWS\CD_Start.INI
    [2012/05/24 08:56:54 | 000,212,880 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
    [696 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [15 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/17 11:32:37 | 000,000,512 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\MBR.dat
    [2012/06/12 14:55:52 | 000,002,185 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Stop StartupMonitor.lnk
    [2012/06/12 11:33:03 | 000,000,767 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/06/12 11:32:13 | 000,000,611 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\NTREGOPT.lnk
    [2012/06/12 11:32:13 | 000,000,592 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\ERUNT.lnk
    [2012/06/12 11:18:49 | 000,001,687 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2012/06/12 11:18:49 | 000,001,657 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    [2012/06/12 11:18:49 | 000,001,021 | ---- | C] () -- E:\Documents and Settings\karl\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/09 10:08:29 | 000,178,176 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar39.dll
    [2012/06/09 10:08:29 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\ztvunrar36.dll
    [2012/06/09 10:08:29 | 000,153,088 | ---- | C] () -- E:\WINDOWS\System32\UNRAR3.dll
    [2012/06/09 10:08:29 | 000,077,312 | ---- | C] () -- E:\WINDOWS\System32\ztvunace26.dll
    [2012/06/09 10:08:29 | 000,075,264 | ---- | C] () -- E:\WINDOWS\System32\unacev2.dll
    [2012/06/09 01:35:17 | 001,012,656 | ---- | C] () -- E:\Documents and Settings\karl\Desktop\r.exe
    [2012/06/09 00:49:53 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/08 23:57:03 | 000,032,072 | ---- | C] () -- E:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/06/08 23:28:57 | 000,143,254 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339194224.bdinstall.bin
    [2012/06/08 17:19:14 | 000,107,095 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339172179.bdinstall.bin
    [2012/06/08 16:54:06 | 000,100,834 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339170750.bdinstall.bin
    [2012/06/08 16:37:33 | 000,022,015 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.376.bin
    [2012/06/08 16:37:33 | 000,001,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2840.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2848.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2844.bin
    [2012/06/08 16:37:33 | 000,000,459 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2836.bin
    [2012/06/08 16:37:33 | 000,000,420 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169853.2852.bin
    [2012/06/08 16:35:26 | 000,131,292 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169604.bdinstall.bin
    [2012/06/08 16:29:36 | 000,012,992 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169364.bdinstall.bin
    [2012/06/08 16:28:53 | 000,087,090 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339169319.bdinstall.bin
    [2012/06/07 03:01:05 | 000,088,855 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339034451.bdinstall.bin
    [2012/06/07 02:36:32 | 000,057,606 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3600.bin
    [2012/06/07 02:36:31 | 000,008,392 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.1316.bin
    [2012/06/07 02:36:31 | 000,001,766 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.2740.bin
    [2012/06/07 02:36:30 | 000,023,744 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.3572.bin
    [2012/06/07 02:36:30 | 000,019,985 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339032990.bdinstall.bin
    [2012/06/07 02:24:05 | 000,000,385 | ---- | C] () -- E:\WINDOWS\System32\user_gensett.xml
    [2012/06/07 02:10:00 | 000,218,230 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030941.bdinstall.bin
    [2012/06/07 02:00:31 | 000,012,993 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030829.bdinstall.bin
    [2012/06/07 02:00:17 | 000,427,125 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339030458.bdinstall.bin
    [2012/06/07 01:21:30 | 000,017,885 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5872.bin
    [2012/06/07 01:21:28 | 000,007,727 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.5212.bin
    [2012/06/07 01:21:27 | 000,024,578 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2404.bin
    [2012/06/07 01:21:27 | 000,019,990 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028486.bdinstall.bin
    [2012/06/07 01:21:27 | 000,005,399 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339028487.2472.bin
    [2012/06/07 01:14:00 | 000,153,328 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027849.bdinstall.bin
    [2012/06/07 01:10:48 | 000,019,984 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339027848.bdinstall.bin
    [2012/06/07 00:37:32 | 000,285,498 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\1339023653.bdinstall.bin
    [2012/06/07 00:05:27 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/07 00:05:26 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/05/25 09:51:55 | 000,000,605 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Warzone 2100.lnk
    [2012/05/25 09:49:39 | 000,000,032 | ---- | C] () -- E:\WINDOWS\CD_Start.INI
    [2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/24 16:48:10 | 000,292,700 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/24 16:48:10 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
    [2012/02/24 16:47:46 | 002,783,770 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
    [2012/02/17 00:41:36 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
    [2012/01/27 15:35:21 | 000,000,057 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\Ament.ini
    [2011/05/11 19:18:44 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
    [2011/05/11 19:18:44 | 000,002,413 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini
    [2011/05/08 21:53:13 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
    [2010/10/11 23:17:21 | 000,000,760 | ---- | C] () -- E:\Documents and Settings\karl\Application Data\setup_ldm.iss

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

    < End of report >

  3. #13
    Junior Member
    Join Date
    Jun 2012
    Posts
    19


    and...



    OTL Extras logfile created on: 19/06/2012 12:01:16 - Run 2
    OTL by OldTimer - Version 3.2.48.0 Folder = E:\Documents and Settings\karl\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.79% Memory free
    3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.63% Paging File free
    Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive C: | 186.27 Gb Total Space | 36.68 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
    Drive E: | 368.10 Gb Total Space | 138.11 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 27.77 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

    Computer Name: CATACOMB | User Name: karl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
    "57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
    "57134:UDP" = 57134:UDP:*:Enabled:Pando Media Booster
    "1042:TCP" = 1042:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
    "E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
    "E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
    "E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
    "E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe" = E:\Program Files\Games\Copy of CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    "E:\Program Files\Games\Chaos Gate\WH40K.exe" = E:\Program Files\Games\Chaos Gate\WH40K.exe:*:Disabled:WH40K
    "E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "E:\Program Files\Ventrilo\Ventrilo.exe" = E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
    "E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
    "E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = E:\Program Files\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
    "E:\Program Files\Games\neverwinter nights 2\nwn2main.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
    "E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
    "E:\Program Files\Games\neverwinter nights 2\nwupdate.exe" = E:\Program Files\Games\neverwinter nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
    "E:\Program Files\Games\neverwinter nights 2\nwn2server.exe" = E:\Program Files\Games\neverwinter nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
    "H:\AnarchyOnline_18.1.1-Small.exe" = H:\AnarchyOnline_18.1.1-Small.exe:*:Enabled:Anarchy Online
    "E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe" = E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
    "E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\karl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
    "E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
    "E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe" = E:\Program Files\Games\Steam\steamapps\common\star trek online\Star Trek Online.exe:*:Enabled:Star Trek Online -- ()
    "E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe" = E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe:*:Enabled:Magic: The Gathering – Tactics -- ()
    "E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe" = E:\Program Files\Games\Steam\steamapps\common\legend of grimrock\grimrock.exe:*:Enabled:Legend of Grimrock -- ()
    "E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = E:\Program Files\Games\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
    "E:\WINDOWS\system32\mmc.exe" = E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{0F8BF571-2F67-4D9C-A844-F5B202A7357F}" = Diskeeper 2011 Professional
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14AFF408-F4FB-4F71-B9A3-C6A1096802BF}" = HP Photosmart 5510 series Basic Device Software
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
    "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
    "{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
    "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
    "{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
    "{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
    "{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help
    "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
    "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™ v03.02.04.8010
    "593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "7-Zip" = 7-Zip 4.65
    "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Anarchy Online_is1" = Anarchy Online
    "Bass Audio Decoder" = Bass Audio Decoder (remove only)
    "CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
    "DCoder Image Source" = DCoder Image Source (remove only)
    "DirectVobSub" = DirectVobSub (remove only)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ERUNT_is1" = ERUNT 1.1j
    "EsetOnlineScanner" = ESET Online Scanner
    "ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
    "FFMPEG Core Files" = FFMPEG Core Files (remove only)
    "Full Pack" = Full Pack Codecs
    "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
    "HaaliMkx" = Haali Media Splitter
    "HarvEX" = HarvEX
    "Hero Lab V3.6e" = Hero Lab V3.6e
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Photo Creations" = HP Photo Creations
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InCD!UninstallKey" = Ahead InCD
    "Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
    "Legend of Grimrock" = Legend of Grimrock
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MRW!UninstallKey" = Ahead InCD EasyWrite Reader
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "OpenAL" = OpenAL
    "OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
    "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
    "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
    "PDFCanvas V1.5" = PDFCanvas V1.5
    "Philips Songbird" = Philips Songbird
    "Race for the Galaxy_is1" = Race for the Galaxy 0.6.1
    "RealMedia" = RealMedia (remove only)
    "RealPlayer 6.0" = RealPlayer
    "SHOUTcast Source" = SHOUTcast Source (remove only)
    "ST Movie Computer.scr" = ST Movie Computer ScreenSaver
    "ST6UNST #1" = Full Thrust Ship Creator
    "ST6UNST #2" = Full Thrust Ship Creator (h:\Full Thrust\Ship Creator\)
    "Steam App 1250" = Killing Floor
    "Steam App 201190" = Magic: The Gathering – Tactics
    "Steam App 207170" = Legend of Grimrock
    "Steam App 220" = Half-Life 2
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 35420" = Killing Floor Mod: Defence Alliance 2
    "Steam App 360" = Half-Life Deathmatch: Source
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 440" = Team Fortress 2
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 9900" = Star Trek Online
    "SystemRequirementsLab" = System Requirements Lab
    "Trojan Remover_is1" = Trojan Remover 6.8.3
    "U212 Media Kit" = U212 Media Kit
    "VLC media player" = VLC media player 1.1.11
    "Warhammer 40,000: Chaos Gate" = Warhammer 40,000: Chaos Gate
    "Warzone 2100" = Warzone 2100
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "WinAVIVideoConverter_is1" = WinAVIVideoConverter
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 02/06/2012 19:02:09 | Computer Name = CATACOMB | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 05/06/2012 14:17:36 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
    Description = Faulting application left4dead2.exe, version 0.0.0.0, faulting module
    studiorender.dll, version 0.0.0.0, fault address 0x0000c7f3.

    Error - 06/06/2012 19:03:31 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
    Description = Product: Bitdefender Total Security 2012 -- Error 1704. An installation
    for BitDefender GameSafe is currently suspended. You must undo the changes made
    by that installation to continue. Do you want to undo those changes?

    Error - 06/06/2012 20:12:26 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11404
    Description = Product: BitDefender GameSafe -- Error 1404. Could not delete key
    \SYSTEM\CurrentControlSet\Services\bdfsfltr. System error . Verify that you have
    sufficient access to that key, or contact your support personnel.

    Error - 06/06/2012 21:05:49 | Computer Name = CATACOMB | Source = MsiInstaller | ID = 11704
    Description = Product: BitDefender GameSafe -- Error 1704. An installation for Bitdefender
    Total Security 2012 is currently suspended. You must undo the changes made by
    that installation to continue. Do you want to undo those changes?

    Error - 19/06/2012 05:42:35 | Computer Name = CATACOMB | Source = Application Error | ID = 1000
    Description = Faulting application uninst.exe, version 3.3.6.1, faulting module
    uninst.exe, version 3.3.6.1, fault address 0x000137ec.

    [ System Events ]
    Error - 16/06/2012 04:24:34 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 17/06/2012 04:56:11 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 17/06/2012 05:01:57 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 19/06/2012 05:07:23 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 19/06/2012 05:08:04 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 19/06/2012 06:13:22 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 19/06/2012 06:37:49 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 19/06/2012 06:40:38 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 19/06/2012 06:50:09 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BDVEDISK

    Error - 19/06/2012 06:50:09 | Computer Name = CATACOMB | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >


    Also, when I start up the comp, sometimes there is no start/taskbar and I have to use the reset button - this almost always happens if I don't choose a user straight away.

    When I uninstalled PunkBuster it asked for a restart; when I restarted, Windows Explorer auto opened and hung....

    Regards
    Karl

  4. #14
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Hi Karl, It is very important that we get an Anti-virus program on the computer now. I am going to give you one to try to install now but you can replace it with Bitdefender if you wish, when we are done.

    Download this to your Desktop but do NOT install it yet.


    Back up your registry again like you did before using Erunt.

    Run OTL Script

    We need to run an OTL Fix

    • Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the textbox. Do not include the word Code
      Code:
      :otl
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
      IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
      IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
      IE - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
      [2011/05/11 18:46:31 | 000,002,191 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
      O4 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004..\Run: [YwvLwqew] E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
      O8 - Extra context menu item: Download with &Media Finder - E:\Program Files\Media Finder\hook.html File not found
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1708537768-1482476501-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
      O20 - HKLM Winlogon: UserInit - (E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe) - E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe File not found
      @Alternate Data Stream - 138 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9)
      
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "E:\WINDOWS\system32\PnkBstrA.exe" =-
      "E:\WINDOWS\system32\PnkBstrB.exe" =-
      "C:\Program Files\uTorrent\uTorrent.exe" =-
      "E:\Program Files\DNA\btdna.exe" =-
      
      :files
      ipconfig /flushdns /c
      
      :commands
      [emptytemp]
      [resethosts]
      [createrestorepoint]
    • Then click the Run Fix button at the top.
    • Click .
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



    Now try and Install Avast! Anti-virus program. If it installs, Update it and run a full scan and report back in your next reply if it finds anything. Do not let it remove anything at this point but note down any files and file paths that are found.

    Regards maxi
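
The firewall clean-up in the `:reg` section above removes four entries from the StandardProfile AuthorizedApplications list. As an added example (not part of the original posts and not code from OTL), the sketch below parses the XP firewall exception lines from the posted log and triages them. The function names and triage rules are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Executables that the :reg section in this thread de-authorises.
REVIEW_NAMES = ("utorrent.exe", "btdna.exe", "pnkbstra.exe", "pnkbstrb.exe")
# On Windows XP the profile tree is writable by the logged-on user.
USER_WRITABLE = "\\documents and settings\\"

ENTRY_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<value>.*)$')
PORT_KEY_RE = re.compile(r"^\d+:(TCP|UDP)$")


@dataclass
class FirewallEntry:
    key: str       # executable path, or "port:protocol" for GloballyOpenPorts
    scope: str     # "*" (any source address) or e.g. "LocalSubNet"
    enabled: bool
    name: str      # display name; "@xpsp2res.dll,..." marks a built-in rule
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one '"key" = key:scope:status:name' line; None if not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    key, value = m.group("key"), m.group("value").strip()
    # The value repeats the key, then ":scope:status:name". Paths ("E:\...")
    # and display names ("Magic: The ...") both contain colons, so strip the
    # key as a prefix instead of splitting the whole value on ":".
    if not value.startswith(key + ":"):
        return None
    parts = value[len(key) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, status, name = parts
    return FirewallEntry(key, scope, status.lower() == "enabled", name)


def audit(lines):
    """Return enabled, any-source exceptions that deserve a closer look."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not entry.enabled or entry.scope != "*":
            continue  # disabled or subnet-limited exceptions are lower priority
        key = entry.key.lower()
        if key.endswith(REVIEW_NAMES):
            entry.reasons.append("program flagged in this thread")
        if USER_WRITABLE in key:
            entry.reasons.append("executable in user-writable profile path")
        if PORT_KEY_RE.match(entry.key) and not entry.name.startswith("@"):
            entry.reasons.append("third-party port open to any source")
        if entry.reasons:
            findings.append(entry)
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE = r'''
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"57134:TCP" = 57134:TCP:*:Enabled:Pando Media Booster
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program Files\Games\Chaos Gate\WH40K.exe" = E:\Program Files\Games\Chaos Gate\WH40K.exe:*:Disabled:WH40K
"E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe" = E:\Documents and Settings\karl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe" = E:\Program Files\Games\Steam\steamapps\common\magic the gathering tactics\LaunchPad.exe:*:Enabled:Magic: The Gathering – Tactics -- ()
"E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe" = E:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) -- (Hewlett-Packard Co.)
'''.strip().splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding.key, "->", "; ".join(finding.reasons))
```

A flagged entry is a prompt to check whether the program is still wanted and still installed at that path, not a verdict that it is malicious.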

  5. #15
    Junior Member
    Join Date
    Jun 2012
    Posts
    19

    Default

    When I click on the link for avast! 6 I get a cannot connect screen. Can I download on my wife's laptop and use a flash pen to port it over?

    Regards
    Karl

  6. #16
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Yes you can try that

  7. #17
    Junior Member
    Join Date
    Jun 2012
    Posts
    19

    Default

    OTL log....

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    HKU\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    E:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\YwvLwqew deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe deleted successfully.
    Unable to delete ADS E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9) .
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\WINDOWS\system32\PnkBstrA.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\WINDOWS\system32\PnkBstrB.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\DNA\btdna.exe deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    E:\Documents and Settings\karl\Desktop\cmd.bat deleted successfully.
    E:\Documents and Settings\karl\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: karl
    ->Temp folder emptied: 1538016358 bytes
    ->Temporary Internet Files folder emptied: 2422299524 bytes
    ->Java cache emptied: 8589902 bytes
    ->FireFox cache emptied: 53541610 bytes
    ->Flash cache emptied: 167453 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 34060 bytes

    User: Lyn Patricia
    ->Temp folder emptied: 2041265 bytes
    ->Temporary Internet Files folder emptied: 1217195 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 73688792 bytes
    ->Flash cache emptied: 57602 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 66639806 bytes
    %systemroot%\System32 .tmp files removed: 160290513 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 48707344 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 202013814 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 74070 bytes
    RecycleBin emptied: 3658812305 bytes

    Total Files Cleaned = 7,855.00 mb

    E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.48.0 log created on 06232012_163435

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    and.......
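
The OTL fix log in the post above can be triaged mechanically to find the actions that did not complete. This is an added example, not part of the original post and not OTL's own code; the function names and the two autostart markers are assumptions chosen for this illustration, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Selection of lines copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
E:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\YwvLwqew deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe deleted successfully.
Unable to delete ADS E:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9) .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\WINDOWS\system32\PnkBstrA.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")

# Checked in order: an explicit failure wins over the other outcomes.
OUTCOMES = [
    ("failed", re.compile(r"^Unable to \w+ (?P<target>.+?)\s*\.?$")),
    ("not_found", re.compile(r"^(?P<target>.+?)\s+not found\.?$")),
    ("ok", re.compile(
        r"^(?P<target>.+?)\s+(?:deleted|moved|set|reset|emptied) successfully[.!]?$")),
]

# Autostart locations that occur in this thread's log (assumption: not a complete list).
AUTOSTART_MARKERS = (r"\winlogon\\userinit", r"\currentversion\run\\")


@dataclass
class Action:
    section: str      # OTL, REGISTRY, FILES, COMMANDS
    status: str       # ok | not_found | failed | info
    target: str       # what the fix line acted on, as logged
    autostart: bool   # True when the target is one of the autostart locations above


def parse_fix_log(text):
    """Turn an OTL fix log into one Action per non-empty, non-header line."""
    actions, section = [], "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        status, target = "info", line
        for name, rx in OUTCOMES:
            hit = rx.match(line)
            if hit:
                status, target = name, hit.group("target")
                break
        autostart = any(marker in target.lower() for marker in AUTOSTART_MARKERS)
        actions.append(Action(section, status, target, autostart))
    return actions


def needs_followup(actions):
    """Actions the fix did not complete: explicit failures first, then items not found."""
    order = {"failed": 0, "not_found": 1}
    return sorted((a for a in actions if a.status in order), key=lambda a: order[a.status])


def split_ads(target):
    """Split 'ADS <file>:<stream>' into (file, stream), kept exactly as logged."""
    if not target.startswith("ADS "):
        return None
    host, _, stream = target[4:].rpartition(":")
    return host, stream


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for action in needs_followup(parsed):
        print(f"[{action.status}] {action.section}: {action.target}")
    for action in parsed:
        if action.autostart and action.status == "ok":
            print(f"[autostart removed] {action.target}")
```
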

  8. #18
    Junior Member
    Join Date
    Jun 2012
    Posts
    19

    Default

    I can't paste the log from avast but there are a load that say "threat:win32:malware-gen"

    Regards
    Karl

  9. #19
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Hi Baydon, now that you have an AV we can continue. Was Avast giving you file names and file paths?

    Step 1
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    Step 2
    TDSSKiller

    Please download TDSSKiller.exe and save it to your Desktop.
    • Double click on TDSSKiller.exe to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT


    Step 3
    Upload File/Files for testing

    Please go to Virustotal or jotti.org

    Copy/paste this file and path into the white box at the top:
    E:\Documents and Settings\karl\Desktop\r.exe
    Press Submit - this will submit the file for testing.
    Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
    Example of web address :


    In your next reply please include:
    The log from TDSSKiller.
    The link to VirusTotal.
    The answer to my question.
    Any problem you had with my instructions.

    Regards maxi

  10. #20
    Junior Member
    Join Date
    Jun 2012
    Posts
    19

    Default

    TDSSKILLER report...

    21:39:36.0765 2672 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    21:39:36.0890 2672 ============================================================
    21:39:36.0890 2672 Current date / time: 2012/06/24 21:39:36.0890
    21:39:36.0890 2672 SystemInfo:
    21:39:36.0890 2672
    21:39:36.0890 2672 OS Version: 5.1.2600 ServicePack: 3.0
    21:39:36.0890 2672 Product type: Workstation
    21:39:36.0890 2672 ComputerName: CATACOMB
    21:39:36.0890 2672 UserName: karl
    21:39:36.0890 2672 Windows directory: E:\WINDOWS
    21:39:36.0890 2672 System windows directory: E:\WINDOWS
    21:39:36.0890 2672 Processor architecture: Intel x86
    21:39:36.0890 2672 Number of processors: 2
    21:39:36.0890 2672 Page size: 0x1000
    21:39:36.0890 2672 Boot type: Normal boot
    21:39:36.0890 2672 ============================================================
    21:39:37.0968 2672 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    21:39:37.0984 2672 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    21:39:38.0000 2672 ============================================================
    21:39:38.0000 2672 \Device\Harddisk0\DR0:
    21:39:38.0000 2672 MBR partitions:
    21:39:38.0000 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E031A75
    21:39:38.0031 2672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2E031AF3, BlocksNum 0xC34F28D
    21:39:38.0031 2672 \Device\Harddisk1\DR1:
    21:39:38.0031 2672 MBR partitions:
    21:39:38.0031 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1748A3BD
    21:39:38.0031 2672 ============================================================
    21:39:38.0062 2672 C: <-> \Device\Harddisk1\DR1\Partition0
    21:39:38.0093 2672 E: <-> \Device\Harddisk0\DR0\Partition0
    21:39:38.0109 2672 F: <-> \Device\Harddisk0\DR0\Partition1
    21:39:38.0484 2672 ============================================================
    21:39:38.0484 2672 Initialize success
    21:39:38.0484 2672 ============================================================
    21:40:05.0890 0304 ============================================================
    21:40:05.0890 0304 Scan started
    21:40:05.0890 0304 Mode: Manual;
    21:40:05.0890 0304 ============================================================
    21:40:15.0406 0304 Netman - ok
    21:40:15.0531 0304 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:40:15.0531 0304 NetTcpPortSharing - ok
    21:40:15.0578 0304 Nla (943337d786a56729263071623bbb9de5) E:\WINDOWS\System32\mswsock.dll
    21:40:15.0578 0304 Nla - ok
    21:40:15.0609 0304 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
    21:40:15.0609 0304 Npfs - ok
    21:40:15.0656 0304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
    21:40:15.0671 0304 Ntfs - ok
    21:40:15.0671 0304 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\System32\lsass.exe
    21:40:15.0671 0304 NtLmSsp - ok
    21:40:15.0703 0304 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) E:\WINDOWS\system32\ntmssvc.dll
    21:40:15.0718 0304 NtmsSvc - ok
    21:40:15.0765 0304 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
    21:40:15.0765 0304 Null - ok
    21:40:16.0312 0304 nv (0dc79b60cedc3a8854c27b3c6e4b3414) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    21:40:16.0578 0304 nv - ok
    21:40:16.0718 0304 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) E:\WINDOWS\system32\nvsvc32.exe
    21:40:16.0718 0304 NVSvc - ok
    21:40:16.0765 0304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:40:16.0765 0304 NwlnkFlt - ok
    21:40:16.0765 0304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:40:16.0765 0304 NwlnkFwd - ok
    21:40:16.0828 0304 ose (9d10f99a6712e28f8acd5641e3a7ea6b) E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:40:16.0828 0304 ose - ok
    21:40:17.0062 0304 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:40:17.0125 0304 osppsvc - ok
    21:40:17.0250 0304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys
    21:40:17.0250 0304 Parport - ok
    21:40:17.0265 0304 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
    21:40:17.0281 0304 PartMgr - ok
    21:40:17.0312 0304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
    21:40:17.0312 0304 ParVdm - ok
    21:40:17.0343 0304 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
    21:40:17.0343 0304 PCI - ok
    21:40:17.0343 0304 PCIDump - ok
    21:40:17.0375 0304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
    21:40:17.0375 0304 PCIIde - ok
    21:40:17.0390 0304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
    21:40:17.0406 0304 Pcmcia - ok
    21:40:17.0406 0304 PDCOMP - ok
    21:40:17.0406 0304 PDFRAME - ok
    21:40:17.0406 0304 PDRELI - ok
    21:40:17.0406 0304 PDRFRAME - ok
    21:40:17.0421 0304 perc2 - ok
    21:40:17.0421 0304 perc2hib - ok
    21:40:17.0468 0304 PlugPlay (65df52f5b8b6e9bbd183505225c37315) E:\WINDOWS\system32\services.exe
    21:40:17.0468 0304 PlugPlay - ok
    21:40:17.0515 0304 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) E:\WINDOWS\system32\HPZipm12.exe
    21:40:17.0515 0304 Pml Driver HPZ12 - ok
    21:40:17.0546 0304 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\System32\lsass.exe
    21:40:17.0546 0304 PolicyAgent - ok
    21:40:17.0578 0304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:40:17.0578 0304 PptpMiniport - ok
    21:40:17.0578 0304 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
    21:40:17.0578 0304 Processor - ok
    21:40:17.0640 0304 Profos - ok
    21:40:17.0640 0304 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
    21:40:17.0640 0304 ProtectedStorage - ok
    21:40:17.0640 0304 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
    21:40:17.0656 0304 PSched - ok
    21:40:17.0656 0304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:40:17.0656 0304 Ptilink - ok
    21:40:17.0687 0304 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:40:17.0703 0304 PxHelp20 - ok
    21:40:17.0703 0304 ql1080 - ok
    21:40:17.0703 0304 Ql10wnt - ok
    21:40:17.0703 0304 ql12160 - ok
    21:40:17.0703 0304 ql1240 - ok
    21:40:17.0718 0304 ql1280 - ok
    21:40:17.0750 0304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:40:17.0750 0304 RasAcd - ok
    21:40:17.0781 0304 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) E:\WINDOWS\System32\rasauto.dll
    21:40:17.0781 0304 RasAuto - ok
    21:40:17.0812 0304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:40:17.0812 0304 Rasl2tp - ok
    21:40:17.0859 0304 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) E:\WINDOWS\System32\rasmans.dll
    21:40:17.0859 0304 RasMan - ok
    21:40:17.0859 0304 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:40:17.0859 0304 RasPppoe - ok
    21:40:17.0875 0304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
    21:40:17.0875 0304 Raspti - ok
    21:40:17.0890 0304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:40:17.0890 0304 Rdbss - ok
    21:40:17.0890 0304 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:40:17.0890 0304 RDPCDD - ok
    21:40:17.0937 0304 RDPWD (5b3055daa788bd688594d2f5981f2a83) E:\WINDOWS\system32\drivers\RDPWD.sys
    21:40:17.0937 0304 RDPWD - ok
    21:40:17.0953 0304 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) E:\WINDOWS\system32\sessmgr.exe
    21:40:17.0953 0304 RDSessMgr - ok
    21:40:17.0968 0304 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
    21:40:17.0968 0304 redbook - ok
    21:40:18.0000 0304 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) E:\WINDOWS\System32\mprdim.dll
    21:40:18.0000 0304 RemoteAccess - ok
    21:40:18.0046 0304 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) E:\WINDOWS\system32\DRIVERS\rfcomm.sys
    21:40:18.0046 0304 RFCOMM - ok
    21:40:18.0046 0304 RpcLocator (aaed593f84afa419bbae8572af87cf6a) E:\WINDOWS\System32\locator.exe
    21:40:18.0046 0304 RpcLocator - ok
    21:40:18.0109 0304 RpcSs (6b27a5c03dfb94b4245739065431322c) E:\WINDOWS\system32\rpcss.dll
    21:40:18.0109 0304 RpcSs - ok
    21:40:18.0140 0304 RSVP (471b3f9741d762abe75e9deea4787e47) E:\WINDOWS\System32\rsvp.exe
    21:40:18.0156 0304 RSVP - ok
    21:40:18.0187 0304 RTLE8023xp (badabe0940c01619e8510b90fb314929) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    21:40:18.0187 0304 RTLE8023xp - ok
    21:40:18.0187 0304 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
    21:40:18.0203 0304 SamSs - ok
    21:40:18.0312 0304 SASDIFSV (39763504067962108505bff25f024345) E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    21:40:18.0312 0304 SASDIFSV - ok
    21:40:18.0312 0304 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    21:40:18.0312 0304 SASKUTIL - ok
    21:40:18.0328 0304 SCardSvr (86d007e7a654b9a71d1d7d856b104353) E:\WINDOWS\System32\SCardSvr.exe
    21:40:18.0328 0304 SCardSvr - ok
    21:40:18.0359 0304 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) E:\WINDOWS\system32\schedsvc.dll
    21:40:18.0375 0304 Schedule - ok
    21:40:18.0406 0304 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:40:18.0421 0304 Secdrv - ok
    21:40:18.0437 0304 seclogon (cbe612e2bb6a10e3563336191eda1250) E:\WINDOWS\System32\seclogon.dll
    21:40:18.0453 0304 seclogon - ok
    21:40:18.0453 0304 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) E:\WINDOWS\system32\sens.dll
    21:40:18.0453 0304 SENS - ok
    21:40:18.0500 0304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\drivers\Serial.sys
    21:40:18.0500 0304 Serial - ok
    21:40:18.0578 0304 ServiceLayer (56eb980da71b94b79a341615c3c256cf) E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    21:40:18.0578 0304 ServiceLayer - ok
    21:40:18.0640 0304 sfdrv01 (4c0d673281178cb496011a2e28571fc8) E:\WINDOWS\system32\drivers\sfdrv01.sys
    21:40:18.0640 0304 sfdrv01 - ok
    21:40:18.0640 0304 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) E:\WINDOWS\system32\drivers\sfhlp02.sys
    21:40:18.0640 0304 sfhlp02 - ok
    21:40:18.0687 0304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
    21:40:18.0687 0304 Sfloppy - ok
    21:40:18.0687 0304 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) E:\WINDOWS\system32\drivers\sfsync02.sys
    21:40:18.0703 0304 sfsync02 - ok
    21:40:18.0718 0304 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) E:\WINDOWS\System32\ipnathlp.dll
    21:40:18.0718 0304 SharedAccess - ok
    21:40:18.0765 0304 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
    21:40:18.0765 0304 ShellHWDetection - ok
    21:40:18.0765 0304 Simbad - ok
    21:40:18.0765 0304 Sparrow - ok
    21:40:18.0796 0304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
    21:40:18.0796 0304 splitter - ok
    21:40:18.0843 0304 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe
    21:40:18.0843 0304 Spooler - ok
    21:40:18.0921 0304 sptd (71e276f6d189413266ea22171806597b) E:\WINDOWS\System32\Drivers\sptd.sys
    21:40:18.0921 0304 sptd - ok
    21:40:18.0937 0304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
    21:40:18.0937 0304 sr - ok
    21:40:18.0968 0304 srservice (3805df0ac4296a34ba4bf93b346cc378) E:\WINDOWS\System32\srsvc.dll
    21:40:18.0968 0304 srservice - ok
    21:40:19.0000 0304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
    21:40:19.0000 0304 Srv - ok
    21:40:19.0031 0304 SSDPSRV (0a5679b3714edab99e357057ee88fca6) E:\WINDOWS\System32\ssdpsrv.dll
    21:40:19.0031 0304 SSDPSRV - ok
    21:40:19.0078 0304 StillCam (a9573045baa16eab9b1085205b82f1ed) E:\WINDOWS\system32\DRIVERS\serscan.sys
    21:40:19.0078 0304 StillCam - ok
    21:40:19.0140 0304 stisvc (8bad69cbac032d4bbacfce0306174c30) E:\WINDOWS\system32\wiaservc.dll
    21:40:19.0156 0304 stisvc - ok
    21:40:19.0187 0304 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
    21:40:19.0187 0304 swenum - ok
    21:40:19.0218 0304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
    21:40:19.0218 0304 swmidi - ok
    21:40:19.0218 0304 SwPrv - ok
    21:40:19.0234 0304 symc810 - ok
    21:40:19.0234 0304 symc8xx - ok
    21:40:19.0234 0304 sym_hi - ok
    21:40:19.0234 0304 sym_u3 - ok
    21:40:19.0265 0304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
    21:40:19.0265 0304 sysaudio - ok
    21:40:19.0296 0304 SysmonLog (c7abbc59b43274b1109df6b24d617051) E:\WINDOWS\system32\smlogsvc.exe
    21:40:19.0312 0304 SysmonLog - ok
    21:40:19.0328 0304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) E:\WINDOWS\System32\tapisrv.dll
    21:40:19.0328 0304 TapiSrv - ok
    21:40:19.0390 0304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:40:19.0406 0304 Tcpip - ok
    21:40:19.0437 0304 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
    21:40:19.0437 0304 TDPIPE - ok
    21:40:19.0453 0304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
    21:40:19.0453 0304 TDTCP - ok
    21:40:19.0484 0304 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
    21:40:19.0484 0304 TermDD - ok
    21:40:19.0500 0304 TermService (ff3477c03be7201c294c35f684b3479f) E:\WINDOWS\System32\termsrv.dll
    21:40:19.0515 0304 TermService - ok
    21:40:19.0562 0304 Themes (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
    21:40:19.0562 0304 Themes - ok
    21:40:19.0562 0304 TosIde - ok
    21:40:19.0578 0304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) E:\WINDOWS\system32\trkwks.dll
    21:40:19.0578 0304 TrkWks - ok
    21:40:19.0609 0304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
    21:40:19.0609 0304 Udfs - ok
    21:40:19.0609 0304 ultra - ok
    21:40:19.0656 0304 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
    21:40:19.0656 0304 Update - ok
    21:40:19.0687 0304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) E:\WINDOWS\System32\upnphost.dll
    21:40:19.0703 0304 upnphost - ok
    21:40:19.0703 0304 UPS (05365fb38fca1e98f7a566aaaf5d1815) E:\WINDOWS\System32\ups.exe
    21:40:19.0703 0304 UPS - ok
    21:40:19.0750 0304 usbbus (9419faac6552a51542dbba02971c841c) E:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    21:40:19.0765 0304 usbbus - ok
    21:40:19.0765 0304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
    21:40:19.0765 0304 usbccgp - ok
    21:40:19.0796 0304 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) E:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    21:40:19.0812 0304 UsbDiag - ok
    21:40:19.0828 0304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
    21:40:19.0828 0304 usbehci - ok
    21:40:19.0843 0304 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
    21:40:19.0843 0304 usbhub - ok
    21:40:19.0875 0304 USBModem (f74a54774a9b0afeb3c40adec68aa600) E:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    21:40:19.0875 0304 USBModem - ok
    21:40:19.0890 0304 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
    21:40:19.0890 0304 usbprint - ok
    21:40:19.0906 0304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
    21:40:19.0906 0304 usbscan - ok
    21:40:19.0937 0304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    21:40:19.0937 0304 USBSTOR - ok
    21:40:19.0953 0304 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
    21:40:19.0953 0304 usbuhci - ok
    21:40:19.0968 0304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
    21:40:19.0968 0304 VgaSave - ok
    21:40:19.0968 0304 ViaIde - ok
    21:40:19.0968 0304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
    21:40:19.0968 0304 VolSnap - ok
    21:40:19.0984 0304 VSS (7a9db3a67c333bf0bd42e42b8596854b) E:\WINDOWS\System32\vssvc.exe
    21:40:20.0000 0304 VSS - ok
    21:40:20.0015 0304 W32Time (54af4b1d5459500ef0937f6d33b1914f) E:\WINDOWS\System32\w32time.dll
    21:40:20.0015 0304 W32Time - ok
    21:40:20.0031 0304 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:40:20.0031 0304 Wanarp - ok
    21:40:20.0093 0304 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    21:40:20.0093 0304 Wdf01000 - ok
    21:40:20.0093 0304 WDICA - ok
    21:40:20.0125 0304 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
    21:40:20.0125 0304 wdmaud - ok
    21:40:20.0140 0304 WebClient (77a354e28153ad2d5e120a5a8687bc06) E:\WINDOWS\System32\webclnt.dll
    21:40:20.0156 0304 WebClient - ok
    21:40:20.0250 0304 winmgmt (2d0e4ed081963804ccc196a0929275b5) E:\WINDOWS\system32\wbem\WMIsvc.dll
    21:40:20.0250 0304 winmgmt - ok
    21:40:20.0296 0304 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) E:\WINDOWS\system32\mspmsnsv.dll
    21:40:20.0312 0304 WmdmPmSN - ok
    21:40:20.0312 0304 WmiApSrv (e0673f1106e62a68d2257e376079f821) E:\WINDOWS\System32\wbem\wmiapsrv.exe
    21:40:20.0328 0304 WmiApSrv - ok
    21:40:20.0453 0304 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) E:\Program Files\Windows Media Player\WMPNetwk.exe
    21:40:20.0468 0304 WMPNetworkSvc - ok
    21:40:20.0578 0304 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
    21:40:20.0578 0304 WpdUsb - ok
    21:40:20.0609 0304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys
    21:40:20.0609 0304 WS2IFSL - ok
    21:40:20.0656 0304 wscsvc (7c278e6408d1dce642230c0585a854d5) E:\WINDOWS\system32\wscsvc.dll
    21:40:20.0687 0304 wscsvc - ok
    21:40:20.0718 0304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) E:\WINDOWS\system32\wuauserv.dll
    21:40:20.0781 0304 wuauserv - ok
    21:40:20.0828 0304 WudfPf (50eb9e21963b4f06fd010d007d54351b) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
    21:40:20.0828 0304 WudfPf - ok
    21:40:20.0843 0304 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
    21:40:20.0859 0304 WudfRd - ok
    21:40:20.0875 0304 WudfSvc (ae93084d2d236887ba56467ae42b4955) E:\WINDOWS\System32\WUDFSvc.dll
    21:40:20.0890 0304 WudfSvc - ok
    21:40:20.0953 0304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) E:\WINDOWS\System32\wzcsvc.dll
    21:40:20.0968 0304 WZCSVC - ok
    21:40:21.0000 0304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) E:\WINDOWS\System32\xmlprov.dll
    21:40:21.0015 0304 xmlprov - ok
    21:40:21.0046 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    21:40:21.0296 0304 \Device\Harddisk0\DR0 - ok
    21:40:21.0328 0304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    21:40:21.0515 0304 \Device\Harddisk1\DR1 - ok
    21:40:21.0515 0304 Boot (0x1200) (db088624d7744c239661d26b0b7bd1a0) \Device\Harddisk0\DR0\Partition0
    21:40:21.0515 0304 \Device\Harddisk0\DR0\Partition0 - ok
    21:40:21.0546 0304 Boot (0x1200) (c47bc51460f849d0a47b2cf5167cd838) \Device\Harddisk0\DR0\Partition1
    21:40:21.0546 0304 \Device\Harddisk0\DR0\Partition1 - ok
    21:40:21.0546 0304 Boot (0x1200) (fd7cb3a9a0e870c688b13e11b679d944) \Device\Harddisk1\DR1\Partition0
    21:40:21.0546 0304 \Device\Harddisk1\DR1\Partition0 - ok
    21:40:21.0546 0304 ============================================================
    21:40:21.0546 0304 Scan finished
    21:40:21.0546 0304 ============================================================
    21:40:21.0546 2948 Detected object count: 0
    21:40:21.0546 2948 Actual detected object count: 0


    Also, fastscan has started running on my computer (I did not start this, I think it's part of Trojan Remover?) and says E:\Documents and Settings\karl\Local Settings\Application Data\qqeymqug\ywvlwqew.exe: the registry Winlogon "userinit" entry loads this file; a file with this name has not been found.


    Results from VirusTotal....

    https://www.virustotal.com/file/d198...is/1340570929/

    In answer to your question, yes it gave files and paths

    I did not have any problems following your instruction.

    Regards
    Karl
