Computers acting up

[Sam1]

Hey again,

 

I don't know if its a malware thing or just a massive coincidence but I have been having strange computer problems. Such as two weeks ago when I updated malwarebytes, it created an identicle shortcut to it, which when activated woulnd't update. (since a re-install the shortcut has remained, copied itself but malwarebytes runs fine).

 

My desktop icons have spontaniously re-organised themselves several times and sometimes, firefox has crashed much more than often and my computer in general has been slower than usual.

 

So I thought it would be best to have you guys take a quick look at it and either give me a rubber stamp and send me on my way or confirm my suspicions.

 

I ran TFC and malwarebytes, no issues with either programme and malwarebytes detected nothing.

 

I ran OTL and here are the relevant outputs.

 

Thanks in advance for any help you can give me!

 

OTL.txt:

 

OTL logfile created on: 09/02/2011 14:03:43 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sam\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.05 Gb Total Space | 2.41 Gb Free Space | 3.49% Space Free | Partition Type: NTFS

Drive D: | 70.00 Gb Total Space | 36.29 Gb Free Space | 51.84% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 1.13 Gb Free Space | 60.24% Space Free | Partition Type: FAT

 

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Sam\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)

PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)

PRC - C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Users\Sam\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)

PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Sam\Desktop\OTL.scr (OldTimer Tools)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)

SRV - (PuranDefrag) -- C:\Windows\System32\PuranDefragS.exe (Puran Software)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (N360) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110208.037\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110208.037\NAVENG.SYS (Symantec Corporation)

DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110208.003\IDSvix86.sys (Symantec Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)

DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)

DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)

DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)

DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)

DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/05 12:19:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/03 22:14:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:09:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:09:41 | 000,000,000 | ---D | M]

 

[2008/10/29 23:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2011/02/09 00:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions

[2010/04/27 21:06:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/03 15:27:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/09/14 11:03:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011/01/28 14:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/02 02:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/10 00:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/28 14:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/06/03 22:14:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN

[2010/06/05 12:19:24 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN

[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll

[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/10/28 14:19:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/28 14:19:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/28 14:19:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/28 14:19:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2010/05/31 11:01:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: travian.com ([s5] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Sam\Pictures\world-by-night.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sam\Pictures\world-by-night.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/09 14:02:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.scr

[2011/02/09 12:03:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/02/09 12:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/02/09 12:03:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/02/09 12:02:27 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sam\Desktop\m-setup.exe

[2011/02/08 23:50:35 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/02/08 23:50:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/02/08 23:50:31 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/02/08 23:50:22 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011/02/08 23:50:21 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/02/08 23:50:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/02/08 23:50:21 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/02/08 23:50:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/02/08 23:50:20 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/02/08 23:50:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/02/08 23:50:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/02/08 23:50:20 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/02/08 23:50:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/02/08 23:50:19 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/02/08 23:50:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/02/08 23:50:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/02/08 23:50:19 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/02/08 23:50:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/02/08 23:50:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/02/08 23:50:18 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/02/08 23:50:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/02/08 23:50:17 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/02/08 23:50:17 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/02/08 23:50:17 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/02/08 23:50:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/02/08 23:50:14 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/02/08 23:50:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/02/08 23:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/02/08 23:49:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/02/08 23:49:04 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/02/08 23:49:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/02/08 23:49:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/02/08 23:49:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011/02/08 23:49:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/02/08 23:49:01 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/02/08 23:49:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/02/07 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Spreadsheets

[2011/02/05 11:52:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64

[2011/01/28 14:02:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/01/28 14:02:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/01/28 14:02:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/01/25 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Experiment

[2011/01/24 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Self_data

[2011/01/22 15:47:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\MCEdit-schematics

[2011/01/22 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\INVedit

[2011/01/22 15:40:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32

[2011/01/12 09:29:21 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/12 09:29:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2006/11/24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll

[2006/11/24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/09 14:02:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.scr

[2011/02/09 13:57:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/09 13:57:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/09 13:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/09 13:04:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/02/09 12:43:14 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E584CAFF-0538-4717-9C4D-FC8EEF4A96C5}.job

[2011/02/09 12:07:42 | 000,725,262 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/09 12:07:42 | 000,152,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/09 12:03:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/09 12:02:41 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sam\Desktop\m-setup.exe

[2011/02/09 11:59:14 | 000,000,906 | ---- | M] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware (2).lnk

[2011/02/09 11:57:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/09 11:57:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/09 11:55:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/02/09 11:48:32 | 000,377,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/08 18:00:00 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/02/08 17:52:26 | 000,010,828 | ---- | M] () -- C:\Users\Sam\Documents\thing.docx

[2011/02/08 17:41:03 | 000,000,117 | ---- | M] () -- C:\Users\Sam\jagex_runescape_preferences2.dat

[2011/02/08 17:41:03 | 000,000,046 | ---- | M] () -- C:\Users\Sam\jagex_runescape_preferences.dat

[2011/02/08 00:13:26 | 000,046,080 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/07 21:14:47 | 000,215,796 | ---- | M] () -- C:\Users\Sam\Desktop\Spreadsheets.zip

[2011/01/30 00:18:41 | 000,011,906 | ---- | M] () -- C:\Users\Sam\Documents\Life is just a series of trips.docx

[2011/01/26 18:57:10 | 000,013,378 | ---- | M] () -- C:\Users\Sam\Documents\Debts.xlsx

[2011/01/25 18:09:13 | 000,007,064 | ---- | M] () -- C:\Users\Sam\Documents\Self.aup

[2011/01/24 22:58:56 | 000,011,544 | ---- | M] () -- C:\Users\Sam\Documents\Self hypnosis.docx

[2011/01/24 22:58:52 | 000,007,063 | ---- | M] () -- C:\Users\Sam\Documents\Self.aup.bak

[2011/01/23 21:23:56 | 000,015,081 | ---- | M] () -- C:\Users\Sam\Documents\4 leveled maze.xlsx

[2011/01/22 16:21:53 | 000,001,358 | ---- | M] () -- C:\Users\Sam\Documents\mcedit.ini

[2011/01/22 15:31:59 | 010,840,756 | ---- | M] () -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32.zip

[2011/01/22 15:29:52 | 000,164,826 | ---- | M] () -- C:\Users\Sam\Desktop\INVedit.zip

[2011/01/21 14:04:27 | 000,006,025 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel

[2011/01/20 16:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/01/20 16:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/01/20 16:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/01/20 16:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/01/20 16:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/01/20 16:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/01/20 16:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/01/20 16:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/01/20 16:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/01/20 16:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/01/20 14:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/01/20 14:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/01/20 14:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/01/20 14:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/01/20 14:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/01/20 14:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/01/20 14:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/01/20 14:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/01/20 14:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/01/20 14:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/01/20 14:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/01/20 14:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/01/20 13:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/01/20 13:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/01/20 13:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011/01/16 16:39:00 | 000,012,264 | ---- | M] () -- C:\Users\Sam\Documents\plasma 2.docx

 

========== Files Created - No Company Name ==========

 

[2011/02/09 12:03:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/09 11:59:14 | 000,000,906 | ---- | C] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware (2).lnk

[2011/02/08 17:52:25 | 000,010,828 | ---- | C] () -- C:\Users\Sam\Documents\thing.docx

[2011/02/07 21:14:46 | 000,215,796 | ---- | C] () -- C:\Users\Sam\Desktop\Spreadsheets.zip

[2011/01/30 00:12:27 | 000,011,906 | ---- | C] () -- C:\Users\Sam\Documents\Life is just a series of trips.docx

[2011/01/24 22:50:00 | 000,007,064 | ---- | C] () -- C:\Users\Sam\Documents\Self.aup

[2011/01/24 22:50:00 | 000,007,063 | ---- | C] () -- C:\Users\Sam\Documents\Self.aup.bak

[2011/01/24 22:03:04 | 000,011,544 | ---- | C] () -- C:\Users\Sam\Documents\Self hypnosis.docx

[2011/01/22 18:06:21 | 000,015,081 | ---- | C] () -- C:\Users\Sam\Documents\4 leveled maze.xlsx

[2011/01/22 15:47:38 | 000,001,358 | ---- | C] () -- C:\Users\Sam\Documents\mcedit.ini

[2011/01/22 15:29:49 | 000,164,826 | ---- | C] () -- C:\Users\Sam\Desktop\INVedit.zip

[2011/01/22 15:29:26 | 010,840,756 | ---- | C] () -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32.zip

[2011/01/21 14:04:27 | 000,006,025 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel

[2011/01/15 18:29:30 | 000,012,264 | ---- | C] () -- C:\Users\Sam\Documents\plasma 2.docx

[2010/11/30 19:37:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/11/30 19:37:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/11/30 19:31:03 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini

[2010/11/30 19:26:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010/11/30 19:05:23 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/03/18 17:08:54 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/09/10 22:20:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/02 12:03:04 | 000,139,152 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PnkBstrK.sys

[2009/09/02 12:03:04 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/04/10 19:11:51 | 000,000,680 | ---- | C] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat

[2009/02/16 11:59:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/02/11 17:38:30 | 000,212,872 | ---- | C] () -- C:\Users\Sam\AppData\Local\debuggee.mdmp

[2008/09/10 20:39:19 | 000,046,080 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/25 08:06:44 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini

[2008/06/25 07:47:10 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2008/06/25 07:47:10 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2008/06/25 06:11:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/06/25 06:11:05 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/25 06:11:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

[2008/05/04 17:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL

[2007/02/15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll

[2006/11/29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/10/09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

[2001/11/14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1997/06/14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 

========== LOP Check ==========

 

[2011/02/02 18:50:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft

[2010/07/14 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AnvSoft

[2009/04/10 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Atari

[2010/02/15 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Auslogics

[2009/02/14 14:55:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BitZipper

[2010/03/18 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite

[2010/06/14 01:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Facebook

[2008/10/23 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ICAClient

[2009/04/10 14:58:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Leadertech

[2010/04/10 15:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rainbow Innovations

[2010/11/30 20:35:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung

[2009/12/31 16:16:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Stardock

[2010/11/26 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client

[2010/02/13 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Uniblue

[2011/02/08 18:00:00 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2009/12/04 00:34:05 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011/02/09 11:55:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/02/09 12:43:14 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E584CAFF-0538-4717-9C4D-FC8EEF4A96C5}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys

[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2008/06/16 12:38:28 | 000,396,312 | ---- | M] (Intel Corporation) MD5=DB0C1076AB442C09D2A3AB0410DBEA0D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008/06/16 12:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008/06/16 12:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\drivers\iaStor.sys

[2008/06/16 12:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3506096f\iaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/03/18 17:08:55 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

 

< End of report >

[Sam1]

Extras file:

 

OTL Extras logfile created on: 09/02/2011 14:03:43 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sam\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.05 Gb Total Space | 2.41 Gb Free Space | 3.49% Space Free | Partition Type: NTFS

Drive D: | 70.00 Gb Total Space | 36.29 Gb Free Space | 51.84% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 1.13 Gb Free Space | 60.24% Space Free | Partition Type: FAT

 

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09E622A7-7392-4C83-8C45-24F7494ED686}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{1DFE8E54-6970-42ED-8360-C6E74797351D}" = lport=137 | protocol=17 | dir=in | app=system |

"{1E1C672F-5745-4BCB-8EA0-3AAA8D4238E3}" = lport=445 | protocol=6 | dir=in | app=system |

"{38120CE1-4687-4AB0-BF46-040A82AB18B9}" = lport=138 | protocol=17 | dir=in | app=system |

"{53BD8C7A-E039-407F-99D2-146D4F81B570}" = lport=2869 | protocol=6 | dir=in | app=system |

"{55E807B1-2EDB-4B73-8378-1B637A37EE50}" = lport=139 | protocol=6 | dir=in | app=system |

"{64472981-9A05-4886-A058-190EE195B052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{84EA0C6B-B822-40FF-A641-3583D57250E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A9CCFC81-471B-4119-8FEB-37B67E1FDDD4}" = rport=137 | protocol=17 | dir=out | app=system |

"{B43B95EF-A60B-4EDE-9B72-8D53252D6E0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{D5114C9F-BA77-4C8E-BA5E-75BC975F0375}" = rport=139 | protocol=6 | dir=out | app=system |

"{DFABC318-7592-4DE2-860E-3C1BA922A5CA}" = rport=138 | protocol=17 | dir=out | app=system |

"{E01F5958-5C56-4966-96AC-1B4E62F24D6E}" = rport=445 | protocol=6 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B5F3CDD-0BBE-4245-9CE3-048D50740AC6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{0BFEACB5-4335-4045-A7CE-8F3502F2F18B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{0ED9BC42-F124-49C6-B972-ECBC2966C154}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{10B8A52D-B7E0-4CEA-A171-D63E064D1B30}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |

"{122F4C93-48D3-4D31-9C78-84CF41070E7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14359230-BDEE-4249-ABE0-5E84A74301B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14C600B3-83C8-411D-899F-17AFCD1EF949}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{1ABBE26A-1D40-436D-8995-9DE9803B22DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{1ACB3523-BFB5-4032-866D-5FFB1430AFFE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{22B4505A-8395-4F6C-A73A-424DD6CCEBC7}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |

"{29C49DE3-BB17-4086-AEEE-4BD6FEB86FD7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{3158C51D-FC17-4A0B-B618-FF87900017C9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{37A07AF8-5344-4091-993B-385BB6550621}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |

"{3D728AED-C4E0-4F7C-926C-0537FAC91E12}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{502ABE5F-ECE1-4B79-82D6-D7810777CC55}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{514D6C6B-80E5-412C-8A23-7965FE50E88E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5908FEE0-F4CF-40B9-B366-A44915EDA161}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe |

"{5CED853D-559D-429E-B6B4-BA5CB38DDC70}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{5D9122D2-927D-4EE7-9B5E-3A256A71D369}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{656FFFC1-E837-46DF-8F3E-2D4899E80E10}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe |

"{6D4BC036-638D-4DE4-B9F9-2A1AC6FF2F23}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{76F9C1FD-455D-4B2B-9DF6-E9CE1B6CA0B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{86AF1352-3154-48F4-8094-E756FBD36406}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{8AB612FC-AD95-49D6-A8D9-323B44FF9C0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{902029EA-F16D-4F36-8D43-DE14F49DA678}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |

"{92575D65-9082-432D-BC5A-9B8217A5D779}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe |

"{9E0599FC-CFA2-469C-83BF-5F763EA6992C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{BE40AA94-E123-48C9-A1A7-8B850DC80183}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C157EE73-B6A1-4749-87FA-6D6E156D9B29}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{CB59B87E-49EA-4184-A595-29E807103100}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D2EDCCDB-F1ED-4878-A1C5-1E9A335A0FFA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |

"{D5100DFD-858B-4CDD-993B-F44CF03BF17E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |

"{D9ECBADD-13FB-46DD-8D1B-52C965BAECD7}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{E2F299E1-D300-434D-BED4-6DCF4C794C30}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe |

"{E5406674-8AC8-4834-B3C4-FA59AB109E1A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

"TCP Query User{A13CF5C2-6D15-44A0-9692-8C1ECDB47C6D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"UDP Query User{183DDCBC-2E4B-4199-B894-AC34C43C2A25}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1

"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client

"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}" = The Sims Livin' it up

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager

"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5

"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services

"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel® PROSet/Wireless WiFi Software

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client

"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only

"{E94806A6-3E29-40AE-A1A2-B4099D077C98}" = Sun VirtualBox

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"7-Zip" = 7-Zip 4.65

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Any Video Converter_is1" = Any Video Converter 3.1.7

"Audacity_is1" = Audacity 1.2.6

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"CamStudio" = CamStudio

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"Cross Fire_is1" = Cross Fire En

"DebugMode Wax 2.0" = DebugMode Wax 2.0

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Face of Mankind" = Face of Mankind

"Google Updater" = Google Updater

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Impulse" = Impulse

"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"N360" = Norton 360 Premier Edition

"Network Play System (Patching)" = Network Play System (Patching)

"PKR" = PKR

"PROHYBRIDR" = 2007 Microsoft Office system

"PunkBusterSvc" = PunkBuster Services

"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1

"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3

"Sins of a Solar Empire" = Sins of a Solar Empire

"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy

"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"SystemRequirementsLab" = System Requirements Lab

"TweakVI" = TweakVI

"VLC media player" = VLC media player 1.1.4

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 07/02/2011 14:29:33 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

 

Error - 07/02/2011 19:13:44 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 07/02/2011 19:13:44 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1201

 

Error - 07/02/2011 19:13:44 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

 

Error - 08/02/2011 07:00:46 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 08/02/2011 12:55:11 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 08/02/2011 18:47:15 | Computer Name = Sam-PC | Source = Application Hang | ID = 1002

Description = The program javaw.exe version 6.0.230.5 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: 1134 Start Time: 01cbc7e1d32a8c76 Termination Time: 13

 

Error - 09/02/2011 07:22:51 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/02/2011 07:49:03 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/02/2011 07:57:32 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

[ OSession Events ]

Error - 16/07/2010 09:53:42 | Computer Name = Sam-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 31/10/2010 08:50:40 | Computer Name = Sam-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 07/02/2011 20:12:16 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 08/02/2011 07:00:46 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 08/02/2011 07:26:56 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 08/02/2011 12:55:11 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 08/02/2011 13:04:40 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 09/02/2011 07:22:51 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/02/2011 07:49:04 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/02/2011 07:54:32 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034

Description =

 

Error - 09/02/2011 07:57:32 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/02/2011 09:41:54 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

 

< End of report >

[Starbuck]

Hi Sam,

 

Please remove these items from your system:

Java™ 6 Update 2

Java™ 6 Update 7

 

They are old Java versions which should have been removed when Java was updated.

 

Do not remove:

Java™ 6 Update 23

 

Reboot the system when completed.

 

I'd like to check something:

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
  For more information read:
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
   
  Then:
   
  Double click on Combo-Fix.exe & follow the prompts.
   
  Vista/Win7 users should right click on the icon and select Run as Administrator.
  .
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   
  If running Vista/Win7, you may not see this screen
  .
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Thanks

[Sam1]

Hey,

 

Here it is:

 

ComboFix 11-02-09.02 - Sam 09/02/2011 19:08:22.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3032.1849 [GMT 0:00]

Running from: c:\users\Sam\Desktop\Combo-Fix.exe

AV: Norton 360 Premier Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton 360 Premier Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton 360 Premier Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\CFLog

 

.

((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))

.

 

2011-02-09 19:16 . 2011-02-09 19:16 -------- d-----w- c:\users\Sam\AppData\Local\temp

2011-02-09 19:16 . 2011-02-09 19:16 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-02-09 19:16 . 2011-02-09 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-09 12:03 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-09 12:03 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-05 11:52 . 2011-02-05 11:52 -------- d-----w- c:\windows\system32\x64

2011-01-12 09:29 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 09:29 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 09:29 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 09:29 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 09:29 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-01-12 09:29 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-12 09:29 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-30 19:25 . 2010-11-30 19:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-12 18:53 . 2010-06-02 02:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2009-09-12 23:05 . 2009-09-12 23:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 23:06 . 2009-09-12 23:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 23:06 . 2009-09-12 23:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 23:06 . 2009-09-12 23:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 23:06 . 2009-09-12 23:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 23:07 . 2009-09-12 23:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 23:06 . 2009-09-12 23:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 23:06 . 2009-09-12 23:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-08-14 13:33 . 2009-08-14 13:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 23:06 . 2009-09-12 23:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2009-03-31 21:47 . 2008-10-29 23:26 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"ConnectionCenter"="c:\users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]

R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]

R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]

R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]

R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]

R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2010-05-17 229376]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-18 691696]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110208.003\IDSvix86.sys [2010-11-09 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 115856]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 41424]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]

S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-03 102448]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 94992]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 103568]

S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-04-05 242560]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 17:57]

 

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 20:14]

 

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 20:14]

 

2011-02-09 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]

 

2009-12-04 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

 

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{E584CAFF-0538-4717-9C4D-FC8EEF4A96C5}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://uk.yahoo.com

uLocal Page =

uInternet Settings,ProxyOverride = <local>;*.local

IE: Add to Windows &Live Favorites - Welcome to Windows Live

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: travian.com\s5

FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-09 19:16

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-700040806-1893376981-3750275412-1003\Software\SecuROM\License information*]

"datasecu"=hex:82,b9,26,a2,88,70,d3,16,d3,ab,b1,3f,d1,df,c8,29,f2,2a,77,a9,e8,

fa,91,55,d1,aa,23,b9,ad,5b,bb,a8,e9,08,4c,9a,b5,7a,a4,41,a9,33,49,a1,ca,a4,\

"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(3032)

c:\windows\system32\btmmhook.dll

c:\windows\System32\netshell.dll

.

Completion time: 2011-02-09 19:19:59

ComboFix-quarantined-files.txt 2011-02-09 19:19

 

Pre-Run: 2,831,101,952 bytes free

Post-Run: 2,670,202,880 bytes free

 

- - End Of File - - 9E7E59E23FD4D3A3EE85E1819346E83A

[Starbuck]

Hi Sam,

 

This is what i wanted to check:

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/03/18 17:08:55 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

CF is very good at recognising problems like these and correcting them.

They aren't always a problem though, as in this case.

Best we checked though.

 

There doesn't seem to be any obvious malware, but let me have another set of OTL reports and i'll clean up the orphan entries that are left.

 

Double click on OTL.exe to run it.

• Under Extra Registry section, select Use SafeList.
  
• Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

Thanks

[Sam1]

Ok here are the requested reports:

 

p.s out of curiosity, whats an orphan entry?

 

OTL.txt

 

OTL logfile created on: 10/02/2011 15:53:34 - Run 2

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sam\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.05 Gb Total Space | 2.22 Gb Free Space | 3.21% Space Free | Partition Type: NTFS

Drive D: | 70.00 Gb Total Space | 36.29 Gb Free Space | 51.84% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 1.13 Gb Free Space | 60.24% Space Free | Partition Type: FAT

 

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Sam\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)

PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)

PRC - C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Users\Sam\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)

PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Sam\Desktop\OTL.scr (OldTimer Tools)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)

SRV - (PuranDefrag) -- C:\Windows\System32\PuranDefragS.exe (Puran Software)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (N360) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110209.036\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110209.036\NAVENG.SYS (Symantec Corporation)

DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110209.001\IDSvix86.sys (Symantec Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)

DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)

DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)

DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)

DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)

DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/05 12:19:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/03 22:14:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:09:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:09:41 | 000,000,000 | ---D | M]

 

[2008/10/29 23:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions

[2011/02/10 01:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions

[2010/04/27 21:06:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/03 15:27:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/09/14 11:03:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ekm3fby4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011/01/28 14:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/02 02:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/10 00:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/28 14:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/06/03 22:14:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN

[2010/06/05 12:19:24 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN

[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll

[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/10/28 14:19:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/28 14:19:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/28 14:19:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/28 14:19:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2010/05/31 11:01:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Sam\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: travian.com ([s5] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Sam\Pictures\world-by-night.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sam\Pictures\world-by-night.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/09 19:20:01 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/02/09 19:20:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\temp

[2011/02/09 19:18:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/02/09 19:05:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/02/09 19:05:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/02/09 19:05:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/02/09 19:03:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/02/09 19:03:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/02/09 14:02:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.scr

[2011/02/09 12:03:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/02/09 12:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/02/09 12:03:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/02/09 12:02:27 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sam\Desktop\m-setup.exe

[2011/02/08 23:50:35 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/02/08 23:50:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/02/08 23:50:31 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/02/08 23:50:22 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011/02/08 23:50:21 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/02/08 23:50:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/02/08 23:50:21 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/02/08 23:50:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/02/08 23:50:20 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/02/08 23:50:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/02/08 23:50:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/02/08 23:50:20 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/02/08 23:50:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/02/08 23:50:19 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/02/08 23:50:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/02/08 23:50:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/02/08 23:50:19 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/02/08 23:50:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/02/08 23:50:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/02/08 23:50:18 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/02/08 23:50:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/02/08 23:50:17 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/02/08 23:50:17 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/02/08 23:50:17 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/02/08 23:50:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/02/08 23:50:14 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/02/08 23:50:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/02/08 23:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/02/08 23:49:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/02/08 23:49:04 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/02/08 23:49:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/02/08 23:49:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/02/08 23:49:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011/02/08 23:49:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/02/08 23:49:01 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/02/08 23:49:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/02/07 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Spreadsheets

[2011/02/05 11:52:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64

[2011/01/28 14:02:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/01/28 14:02:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/01/28 14:02:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/01/25 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Experiment

[2011/01/24 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Self_data

[2011/01/22 15:47:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\MCEdit-schematics

[2011/01/22 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\INVedit

[2011/01/22 15:40:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32

[2011/01/12 09:29:21 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/12 09:29:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2006/11/24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll

[2006/11/24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/10 15:40:51 | 000,725,262 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/10 15:40:51 | 000,152,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/10 15:38:53 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/02/10 15:38:05 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E584CAFF-0538-4717-9C4D-FC8EEF4A96C5}.job

[2011/02/10 15:36:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/10 15:35:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/10 15:35:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/10 15:35:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/10 09:43:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/02/09 23:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/09 22:59:37 | 000,000,117 | ---- | M] () -- C:\Users\Sam\jagex_runescape_preferences2.dat

[2011/02/09 22:58:37 | 000,000,046 | ---- | M] () -- C:\Users\Sam\jagex_runescape_preferences.dat

[2011/02/09 18:59:08 | 004,266,117 | R--- | M] () -- C:\Users\Sam\Desktop\Combo-Fix.exe

[2011/02/09 17:59:59 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/02/09 14:02:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.scr

[2011/02/09 12:03:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/09 12:02:41 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sam\Desktop\m-setup.exe

[2011/02/09 11:59:14 | 000,000,906 | ---- | M] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware (2).lnk

[2011/02/09 11:48:32 | 000,377,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/08 17:52:26 | 000,010,828 | ---- | M] () -- C:\Users\Sam\Documents\thing.docx

[2011/02/08 00:13:26 | 000,046,080 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/07 21:14:47 | 000,215,796 | ---- | M] () -- C:\Users\Sam\Desktop\Spreadsheets.zip

[2011/01/30 00:18:41 | 000,011,906 | ---- | M] () -- C:\Users\Sam\Documents\Life is just a series of trips.docx

[2011/01/26 18:57:10 | 000,013,378 | ---- | M] () -- C:\Users\Sam\Documents\Debts.xlsx

[2011/01/25 18:09:13 | 000,007,064 | ---- | M] () -- C:\Users\Sam\Documents\Self.aup

[2011/01/24 22:58:56 | 000,011,544 | ---- | M] () -- C:\Users\Sam\Documents\Self hypnosis.docx

[2011/01/24 22:58:52 | 000,007,063 | ---- | M] () -- C:\Users\Sam\Documents\Self.aup.bak

[2011/01/23 21:23:56 | 000,015,081 | ---- | M] () -- C:\Users\Sam\Documents\4 leveled maze.xlsx

[2011/01/22 16:21:53 | 000,001,358 | ---- | M] () -- C:\Users\Sam\Documents\mcedit.ini

[2011/01/22 15:31:59 | 010,840,756 | ---- | M] () -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32.zip

[2011/01/22 15:29:52 | 000,164,826 | ---- | M] () -- C:\Users\Sam\Desktop\INVedit.zip

[2011/01/21 14:04:27 | 000,006,025 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel

[2011/01/20 16:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/01/20 16:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/01/20 16:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/01/20 16:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/01/20 16:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/01/20 16:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/01/20 16:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/01/20 16:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/01/20 16:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/01/20 16:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/01/20 14:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/01/20 14:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/01/20 14:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/01/20 14:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/01/20 14:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/01/20 14:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/01/20 14:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/01/20 14:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/01/20 14:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/01/20 14:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/01/20 14:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/01/20 14:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/01/20 13:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/01/20 13:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/01/20 13:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011/01/16 16:39:00 | 000,012,264 | ---- | M] () -- C:\Users\Sam\Documents\plasma 2.docx

 

========== Files Created - No Company Name ==========

 

[2011/02/09 19:05:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/02/09 19:05:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/02/09 19:05:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/02/09 18:58:54 | 004,266,117 | R--- | C] () -- C:\Users\Sam\Desktop\Combo-Fix.exe

[2011/02/09 12:03:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/09 11:59:14 | 000,000,906 | ---- | C] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware (2).lnk

[2011/02/08 17:52:25 | 000,010,828 | ---- | C] () -- C:\Users\Sam\Documents\thing.docx

[2011/02/07 21:14:46 | 000,215,796 | ---- | C] () -- C:\Users\Sam\Desktop\Spreadsheets.zip

[2011/01/30 00:12:27 | 000,011,906 | ---- | C] () -- C:\Users\Sam\Documents\Life is just a series of trips.docx

[2011/01/24 22:50:00 | 000,007,064 | ---- | C] () -- C:\Users\Sam\Documents\Self.aup

[2011/01/24 22:50:00 | 000,007,063 | ---- | C] () -- C:\Users\Sam\Documents\Self.aup.bak

[2011/01/24 22:03:04 | 000,011,544 | ---- | C] () -- C:\Users\Sam\Documents\Self hypnosis.docx

[2011/01/22 18:06:21 | 000,015,081 | ---- | C] () -- C:\Users\Sam\Documents\4 leveled maze.xlsx

[2011/01/22 15:47:38 | 000,001,358 | ---- | C] () -- C:\Users\Sam\Documents\mcedit.ini

[2011/01/22 15:29:49 | 000,164,826 | ---- | C] () -- C:\Users\Sam\Desktop\INVedit.zip

[2011/01/22 15:29:26 | 010,840,756 | ---- | C] () -- C:\Users\Sam\Desktop\MCEdit-alpha78-32bit-win32.zip

[2011/01/21 14:04:27 | 000,006,025 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel

[2011/01/15 18:29:30 | 000,012,264 | ---- | C] () -- C:\Users\Sam\Documents\plasma 2.docx

[2010/11/30 19:37:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/11/30 19:37:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/11/30 19:31:03 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini

[2010/11/30 19:26:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010/11/30 19:05:23 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/03/18 17:08:54 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/09/10 22:20:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/02 12:03:04 | 000,139,152 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PnkBstrK.sys

[2009/09/02 12:03:04 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/04/10 19:11:51 | 000,000,680 | ---- | C] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat

[2009/02/16 11:59:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/02/11 17:38:30 | 000,212,872 | ---- | C] () -- C:\Users\Sam\AppData\Local\debuggee.mdmp

[2008/09/10 20:39:19 | 000,046,080 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/25 08:06:44 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini

[2008/06/25 07:47:10 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2008/06/25 07:47:10 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2008/06/25 06:11:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/06/25 06:11:05 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/25 06:11:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

[2008/05/04 17:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL

[2007/02/15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll

[2006/11/29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/10/09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

[2001/11/14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1997/06/14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 

< End of report >

 

 

 

 

 

 

Extras.txt:

 

OTL Extras logfile created on: 10/02/2011 15:53:34 - Run 2

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sam\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.05 Gb Total Space | 2.22 Gb Free Space | 3.21% Space Free | Partition Type: NTFS

Drive D: | 70.00 Gb Total Space | 36.29 Gb Free Space | 51.84% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 1.13 Gb Free Space | 60.24% Space Free | Partition Type: FAT

 

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09E622A7-7392-4C83-8C45-24F7494ED686}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{1DFE8E54-6970-42ED-8360-C6E74797351D}" = lport=137 | protocol=17 | dir=in | app=system |

"{1E1C672F-5745-4BCB-8EA0-3AAA8D4238E3}" = lport=445 | protocol=6 | dir=in | app=system |

"{38120CE1-4687-4AB0-BF46-040A82AB18B9}" = lport=138 | protocol=17 | dir=in | app=system |

"{53BD8C7A-E039-407F-99D2-146D4F81B570}" = lport=2869 | protocol=6 | dir=in | app=system |

"{55E807B1-2EDB-4B73-8378-1B637A37EE50}" = lport=139 | protocol=6 | dir=in | app=system |

"{64472981-9A05-4886-A058-190EE195B052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{84EA0C6B-B822-40FF-A641-3583D57250E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A9CCFC81-471B-4119-8FEB-37B67E1FDDD4}" = rport=137 | protocol=17 | dir=out | app=system |

"{B43B95EF-A60B-4EDE-9B72-8D53252D6E0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{D5114C9F-BA77-4C8E-BA5E-75BC975F0375}" = rport=139 | protocol=6 | dir=out | app=system |

"{DFABC318-7592-4DE2-860E-3C1BA922A5CA}" = rport=138 | protocol=17 | dir=out | app=system |

"{E01F5958-5C56-4966-96AC-1B4E62F24D6E}" = rport=445 | protocol=6 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B5F3CDD-0BBE-4245-9CE3-048D50740AC6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{0BFEACB5-4335-4045-A7CE-8F3502F2F18B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{0ED9BC42-F124-49C6-B972-ECBC2966C154}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{10B8A52D-B7E0-4CEA-A171-D63E064D1B30}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |

"{122F4C93-48D3-4D31-9C78-84CF41070E7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14359230-BDEE-4249-ABE0-5E84A74301B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14C600B3-83C8-411D-899F-17AFCD1EF949}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{1ABBE26A-1D40-436D-8995-9DE9803B22DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{1ACB3523-BFB5-4032-866D-5FFB1430AFFE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{22B4505A-8395-4F6C-A73A-424DD6CCEBC7}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |

"{29C49DE3-BB17-4086-AEEE-4BD6FEB86FD7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{3158C51D-FC17-4A0B-B618-FF87900017C9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{37A07AF8-5344-4091-993B-385BB6550621}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |

"{3D728AED-C4E0-4F7C-926C-0537FAC91E12}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{502ABE5F-ECE1-4B79-82D6-D7810777CC55}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{514D6C6B-80E5-412C-8A23-7965FE50E88E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5908FEE0-F4CF-40B9-B366-A44915EDA161}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe |

"{5CED853D-559D-429E-B6B4-BA5CB38DDC70}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{5D9122D2-927D-4EE7-9B5E-3A256A71D369}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{656FFFC1-E837-46DF-8F3E-2D4899E80E10}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe |

"{6D4BC036-638D-4DE4-B9F9-2A1AC6FF2F23}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{76F9C1FD-455D-4B2B-9DF6-E9CE1B6CA0B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{86AF1352-3154-48F4-8094-E756FBD36406}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{8AB612FC-AD95-49D6-A8D9-323B44FF9C0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{902029EA-F16D-4F36-8D43-DE14F49DA678}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |

"{92575D65-9082-432D-BC5A-9B8217A5D779}" = protocol=6 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe |

"{9E0599FC-CFA2-469C-83BF-5F763EA6992C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{BE40AA94-E123-48C9-A1A7-8B850DC80183}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C157EE73-B6A1-4749-87FA-6D6E156D9B29}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{CB59B87E-49EA-4184-A595-29E807103100}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D2EDCCDB-F1ED-4878-A1C5-1E9A335A0FFA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |

"{D5100DFD-858B-4CDD-993B-F44CF03BF17E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |

"{D9ECBADD-13FB-46DD-8D1B-52C965BAECD7}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{E2F299E1-D300-434D-BED4-6DCF4C794C30}" = protocol=17 | dir=in | app=c:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe |

"{E5406674-8AC8-4834-B3C4-FA59AB109E1A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

"TCP Query User{A13CF5C2-6D15-44A0-9692-8C1ECDB47C6D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"UDP Query User{183DDCBC-2E4B-4199-B894-AC34C43C2A25}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1

"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client

"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}" = The Sims Livin' it up

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager

"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5

"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services

"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel® PROSet/Wireless WiFi Software

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client

"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only

"{E94806A6-3E29-40AE-A1A2-B4099D077C98}" = Sun VirtualBox

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"7-Zip" = 7-Zip 4.65

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Any Video Converter_is1" = Any Video Converter 3.1.7

"Audacity_is1" = Audacity 1.2.6

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"CamStudio" = CamStudio

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"Cross Fire_is1" = Cross Fire En

"DebugMode Wax 2.0" = DebugMode Wax 2.0

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Face of Mankind" = Face of Mankind

"Google Updater" = Google Updater

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Impulse" = Impulse

"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"N360" = Norton 360 Premier Edition

"Network Play System (Patching)" = Network Play System (Patching)

"PKR" = PKR

"PROHYBRIDR" = 2007 Microsoft Office system

"PunkBusterSvc" = PunkBuster Services

"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1

"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3

"Sins of a Solar Empire" = Sins of a Solar Empire

"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy

"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"SystemRequirementsLab" = System Requirements Lab

"TweakVI" = TweakVI

"VLC media player" = VLC media player 1.1.4

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/02/2011 11:45:17 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 09/02/2011 11:45:17 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1014

 

Error - 09/02/2011 11:45:17 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

 

Error - 09/02/2011 11:45:18 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 09/02/2011 11:45:18 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2372

 

Error - 09/02/2011 11:45:18 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2372

 

Error - 09/02/2011 14:56:06 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/02/2011 17:56:53 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 10/02/2011 05:39:37 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 10/02/2011 11:37:16 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10

Description =

 

[ OSession Events ]

Error - 16/07/2010 09:53:42 | Computer Name = Sam-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 31/10/2010 08:50:40 | Computer Name = Sam-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 09/02/2011 12:17:45 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 09/02/2011 13:27:56 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 09/02/2011 14:56:06 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/02/2011 15:03:55 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

Error - 09/02/2011 15:07:50 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7030

Description =

 

Error - 09/02/2011 15:16:52 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7030

Description =

 

Error - 09/02/2011 17:56:53 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 10/02/2011 05:39:37 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 10/02/2011 11:37:16 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 10/02/2011 11:42:17 | Computer Name = Sam-PC | Source = bowser | ID = 8003

Description =

 

 

< End of report >

[Starbuck]

Hi Sam

 

p.s out of curiosity, whats an orphan entry?

It's when a program or file has been removed, but leaves behind dead entries in the registry.

e.g:

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

so this line won't run because entries associated with it have been removed.

 

The OTL fix will also do some cleaning and resetting of default entries.

 

Double click on OTL to run it.

Vista and Win7 users should right click on the icon and select Run as Administrator.

 

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = ;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

• Return to OTL,
  
• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
   
  
• Click the red Run Fix button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
   
  
• OTL will reboot your system once the fix has completed.
  
• After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Thanks

[Sam1]

Hey,

 

I ran into a few issues when I was doing this part.

 

Firstly, I could not run OTL as an administrator, the option simply did not come up.

 

Secondly, it crashed almost immediatly when I ran it and it didn't generate any logs in

C:\_OTL\MovedFiles

 

I remember having a similar issue the first time you fixed my computer but it managed to generate the log files.

 

I disabled Norton and its firewall but it crashed almost immediatly again.

[Starbuck]

Hi Sam,

 

Try running the fix in safe mode, see if that helps.

 

Restart your computer.

 

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows Vista Advanced Boot Options.

Select the Safe Mode option using the arrow keys.

Then press the enter key on your keyboard to boot into Vista Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and Vista will enter Safe mode.

 

To make it easier for you to add the fix in Safe Mode.

I've attached a fix.txt to this post.

Download it to your desktop.

When you open OTL, just click on the fix button without adding anything.

It'll then ask if you want to load the fix from a file.

Click yes and follow any prompts.... it's quite easy really.

This works in Normal mode as well.

Fix.txt

[Sam1]

Hey,

 

Unfortunatly OTL still crashed in safe mode, I tried re-downloading OTL but it just keeps stalling on the IE-HKCU line for some reason.

 

Sam

[Starbuck]

Hi Sam,

 

but it just keeps stalling on the IE-HKCU line for some reason.

Let's try the obvious then:

I've removed that line from the fix.

 

:otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Try running the fix now.

 

Thanks

[Sam1]

Hey,

 

That did the trick :)

 

Heres the report:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Sam\Desktop\cmd.bat deleted successfully.

C:\Users\Sam\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Sam

->Temp folder emptied: 34562074 bytes

->Temporary Internet Files folder emptied: 27459164 bytes

->Java cache emptied: 1013889 bytes

->FireFox cache emptied: 80705596 bytes

->Flash cache emptied: 2568 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 137.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: Sam

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.20.6 log created on 02122011_103205

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

[Starbuck]

Hi Sam,

 

On checking i found out that OTL was having problems with IE lines like that, especially if there was no data in them.

It's not a cause for concern.

 

How's the system running now?

[Sam1]

Hey yeah, the systems running fine, I still have the phantom desktop icons but I can always just delete them. I've had no crashes for a while now and my icons haven't decided to sponatnously re-arange themselves.

[Starbuck]

Hi Sam,

 

Yes, just delete those icons.

Then run the system for a couple of days to make sure there's no problems.

If everything is still running fine in a couple of days, let me know and we'll finish off the cleaning process.

[Sam1]

Hey,

 

I've used the system for a few days now and have found no other problems and eveything seems to be running smoothly and am ready to enter the final stages of clean up.

[Starbuck]

Hi Sam,

 

have found no other problems and eveything seems to be running smoothly

That's good to hear. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

 

Step 1

Please uninstall ComboFix by

Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there's is a gap between x and /) Then press Ok

http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png

 

This action will uninstall Combofix and also perform a few cleanup measures

 

 

Step 2

• Please double-click OTL.exe to run it.
  
• You should see a CleanUp! button, press that button,
   
  http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
   
  
• This will remove any programs we have asked you to download along with there associated folders.. plus itself.

 

Note:

MBAM will not be removed

 

 

Step 3

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

 

When you uncheck a disk you will be presented with a screen.

You should click on the Turn System Protection Off button.

Click Apply and then OK.

 

Reboot your computer.

 

Now:

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

Click Apply and then OK.

 

Your System restore will now be active again... starting with a new restore point.

 

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Use an AntiVirus Software
  
  • Avira AntiVir ....installation guide Here
    
  • Avast free
    
  • Bitdefender Free
    
  • MS Security Essentials ... see note* ...installation guide Here
    

   

  Note*:

  Upon installation MS Security Essentials will check that your OS is a legal copy.

   

  Only install one AntiVirus program

   

  [*]Update your AntiVirus Software regularly

   

  [*]Use a 3rd party Firewall

  • Online Armor Free
    
  • ZoneAlarm ...Important note below
    
  • Outpost Firewall Free
    
  • Sunbelt Personal Firewall
    

  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

   

  Only install one software Firewall

   

  Some 3rd party Firewalls will turn off the windows firewall when they are installed.

  It's always best to check that the Windows Firewall is turned off:

   

  How to turn off Windows Firewall:

  Start ... Control Panel ...click on 'Classic View'.

  now select Windows Firewall.

  When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

   

  [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner:

  Installing another scanner that you can run once or twice a week is always beneficial.

  Something like:

  Malwarebytes Anti-Malware

  SUPERAntiSypware

  Remember to update these programs each time before running.

  You can install more than one of these if you only run them as stand alone programs.

   

  [*] Use an alternative browser:

  Some excellent alternatives to MS Internet Explorer are:

   

  Firefox

  For added security, add the NoScript extension to this browser:

  Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

  also consider adding:

  WOT - Safe Browsing Tool

   

  Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

  Btw: you don't have to make a contribution.

   

  Opera

   

  They offer better security, more stability, and better speed.

   

  [*]Keep a backup of your registry

  Keeping a regular backup of your registry will help when something goes wrong.

  Use a program like:

  Erunt

   

  A full tutorial on how to set up and use Erunt can be found here:

  Erunt tutorial

   

  [*]Keep your system clean of temp files etc, using a 'Cleaner':

  Cleaners are programs that will help to clean out your:

  Windows temp files

  Current user temp files

  Cookies

  Temporary Internet flies

  Browser history

  Recycle bin

  Etc.......

  In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc.

  Programs like:

  CCleaner

  TFC by OldTimer

  ATF Cleaner

   

  [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

   

  [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

   

  A tutorial on installing & using this product can be found here:

  Using and installing SpywareBlaster

   

  [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

[Sam1]

Hey,

 

All cleaned up now, thanks for your help again!

[Starbuck]

Hi Sam,

 

Glad to hear you are happy.

You know where we are if you need us again.