[RESOLVED] I may have a virus

This laptop is used by my wife and son so they may allow things to run that should not. I have ZoneAlarm and Avast running. I also run SUPERAntiSpyware regularily.

The symptoms are:
1) ZoneAlarm update will not connect to the server to update (all other PCs can connect)
2) Windows Defender is turned off and will not turn on
3) The PersonalVPN will not connect to any sites

Below is the log from Malwarebytes.

Regards,

Glyn

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8314

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/12/2011 7:35:37 PM
mbam-log-2011-12-05 (19-35-37).txt

Scan type: Quick scan
Objects scanned: 236421
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 20:35:26
Windows 6.1.7601 Service Pack 1
Running: bor3u48x.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r190 0 bytes
File C:\## aswSnx private storage\r190\plantsvszombie_{5fe820f2-f312-11e0-8966-0017a4e21afb} 0 bytes
File C:\## aswSnx private storage\r190\plantsvszombie_{5fe820f2-f312-11e0-8966-0017a4e21afb}\image 0 bytes
File C:\## aswSnx private storage\r190\plantsvszombie_{5fe820f2-f312-11e0-8966-0017a4e21afb}\image\ProgramData 0 bytes
File C:\## aswSnx private storage\r190\plantsvszombie_{5fe820f2-f312-11e0-8966-0017a4e21afb}\image\ProgramData\PopCap Games 0 bytes
File C:\## aswSnx private storage\r190\plantsvszombie_{5fe820f2-f312-11e0-8966-0017a4e21afb}\image\ProgramData\PopCap Games\.system 0 bytes

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-05 20:48:05
-----------------------------
20:48:05.839 OS Version: Windows x64 6.1.7601 Service Pack 1
20:48:05.840 Number of processors: 2 586 0xF0D
20:48:05.841 ComputerName: MARGMATT UserName: Admin
20:48:06.966 Initialize success
20:48:09.948 AVAST engine defs: 11120401
20:48:14.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:48:14.122 Disk 0 Vendor: SAMSUNG_HM160HI HR100-08 Size: 152627MB BusType: 11
20:48:16.222 Disk 0 MBR read successfully
20:48:16.225 Disk 0 MBR scan
20:48:16.229 Disk 0 Windows 7 default MBR code
20:48:16.234 Service scanning
20:48:19.332 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:48:21.124 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
20:48:21.971 Modules scanning
20:48:21.976 Disk 0 trace - called modules:
20:48:22.004 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:48:22.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003027790]
20:48:22.016 3 CLASSPNP.SYS[fffff88001af243f] -> nt!IofCallDriver -> [0xfffffa80030263b0]
20:48:22.023 5 hpdskflt.sys[fffff88001ad3189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002ebd680]
20:48:22.673 AVAST engine scan C:\Windows
20:48:26.414 AVAST engine scan C:\Windows\system32
20:50:13.339 AVAST engine scan C:\Windows\system32\drivers
20:50:24.037 AVAST engine scan C:\Users\Admin
20:51:19.831 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
20:51:19.932 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-05 20:48:05
-----------------------------
20:48:05.839 OS Version: Windows x64 6.1.7601 Service Pack 1
20:48:05.840 Number of processors: 2 586 0xF0D
20:48:05.841 ComputerName: MARGMATT UserName: Admin
20:48:06.966 Initialize success
20:48:09.948 AVAST engine defs: 11120401
20:48:14.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:48:14.122 Disk 0 Vendor: SAMSUNG_HM160HI HR100-08 Size: 152627MB BusType: 11
20:48:16.222 Disk 0 MBR read successfully
20:48:16.225 Disk 0 MBR scan
20:48:16.229 Disk 0 Windows 7 default MBR code
20:48:16.234 Service scanning
20:48:19.332 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:48:21.124 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
20:48:21.971 Modules scanning
20:48:21.976 Disk 0 trace - called modules:
20:48:22.004 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:48:22.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003027790]
20:48:22.016 3 CLASSPNP.SYS[fffff88001af243f] -> nt!IofCallDriver -> [0xfffffa80030263b0]
20:48:22.023 5 hpdskflt.sys[fffff88001ad3189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002ebd680]
20:48:22.673 AVAST engine scan C:\Windows
20:48:26.414 AVAST engine scan C:\Windows\system32
20:50:13.339 AVAST engine scan C:\Windows\system32\drivers
20:50:24.037 AVAST engine scan C:\Users\Admin
20:51:19.831 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
20:51:19.932 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
20:52:14.478 AVAST engine scan C:\ProgramData
20:56:17.993 Scan finished successfully
20:56:40.754 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
20:56:40.767 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Admin at 21:05:54 on 2011-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1354 [GMT 11:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Glyn\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\InterVideo\DVD Check\DVDCheck.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\PDFCreator\PDFCreator.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\SysWOW64\WTMKM.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Real\RealPlayer\realplay.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus Photo TX800FW(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMP.EXE /FU "C:\Users\Admin\AppData\Local\Temp\E_S561C.tmp" /EF "HKCU"
uRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
mRun: [CamAppSTI.exe] C:\Program Files (x86)\\USB2.0 PC Camera\CamAppSTI.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [MacrokeyManager] WTMKM.exe
mRun: [RealTray] "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [RegistryMechanic]
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [openvpn-gui] C:\Program Files (x86)\personalVPN\bin\openvpn-gui.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /l /w
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
mRunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{34D2A~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{34D2A~1\reboot.ini
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DVDCHE~1.LNK - C:\Program Files (x86)\InterVideo\DVD Check\DVDCheck.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - ?p=ZUxdm080MXAU
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{0B33FDB0-C903-4916-A62D-3865F6701353} : NameServer = 203.0.178.191,10.1.1.1
TCP: Interfaces\{16336A87-9120-47C3-8281-8ACC510640EE} : DhcpNameServer = 10.118.0.1
TCP: Interfaces\{21218833-E2A8-49DF-B63E-851EB6E3189E} : NameServer = 203.0.178.191,10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun-x64: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
mRun-x64: [CamAppSTI.exe] C:\Program Files (x86)\\USB2.0 PC Camera\CamAppSTI.exe
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [MacrokeyManager] WTMKM.exe
mRun-x64: [RealTray] "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun-x64: [RegistryMechanic]
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [openvpn-gui] C:\Program Files (x86)\personalVPN\bin\openvpn-gui.exe
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /l /w
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
mRunOnce-x64: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{34D2A~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{34D2A~1\reboot.ini
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-1-30 20376]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-5 44768]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-12 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-5 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-10-1 809296]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-9-3 227896]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-13 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-9-15 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-9-15 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9eb3c583f6fa3;Google Update Service (gupdate1c9eb3c583f6fa3);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-12 133104]
S3 AVEO;USB PC Camera;C:\Windows\System32\drivers\aveodcnt.sys [2009-8-7 281600]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2008-3-24 29744]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-12 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-9-15 12872]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-05 09:39:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57EAC9D6-8E13-44A0-826C-9343C4431A17}\offreg.dll
2011-12-05 08:12:36 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2011-12-05 08:12:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-05 08:12:21 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-05 08:12:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-04 20:20:31 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57EAC9D6-8E13-44A0-826C-9343C4431A17}\mpengine.dll
2011-11-26 22:44:29 -------- d-----w- C:\Windows\System32\ZoneLabs
2011-11-26 22:44:28 458840 ----a-w- C:\Windows\SysWow64\drivers\vsdatant.sys
2011-11-14 09:57:59 -------- d-----w- C:\Users\Admin\AppData\Roaming\hpqLog
2011-11-14 06:56:57 -------- d-----w- C:\Program Files (x86)\CheckPoint
2011-11-08 20:35:40 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 20:35:37 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 20:35:32 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-08 20:35:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-24 03:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:07:10.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/02/2010 11:27:04 PM
System Uptime: 5/12/2011 8:38:38 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30C0
Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | U10 | 1801/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 47.592 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 8 GiB total, 1.008 GiB free.
F: is FIXED (NTFS) - 2 GiB total, 1.745 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901
.
==== System Restore Points ===================
.
RP465: 27/11/2011 2:27:52 PM - Removed iPhone Configuration Utility
RP466: 29/11/2011 3:57:43 PM - Windows Update
RP467: 3/12/2011 1:33:44 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acronis*True*Image*Home
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Application Installer 4.00.B13
avast! Free Antivirus
BitComet 1.10
Celestia 1.5.1
CometBird (3.0.7)
Compatibility Pack for the 2007 Office system
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Shrink 3.2
Epson Easy Photo Print 2
Epson Event Manager
Epson Print CD
EPSON Scan
EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
EpsonNet Print
ESU for Microsoft Vista
Free Notes & Office Ink
FUN ON ALPHABET FARM
Google Apps
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth
Google Photos Screensaver
Google SketchUp 6
Google SketchUp 7.1
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HP Active Support Library
HP Backup & Recovery Manager Installer
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Core
HP Easy Setup - Frontend
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP Quick Launch Buttons
HP Update
HP User Guides 0064
HP Wireless Assistant
Human Japanese
InterVideo DVD Check
InterVideo WinDVD 8
IZArc 4.0 beta 1
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Jimmy Neutron vs. Jimmy Negatron
LightScribe 1.4.136.1
LimeWire 5.5.14
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Maker Pro 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2003 Web Components
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WorldWide Telescope
Mozilla Firefox 4.0 (x86 en-US)
Mozilla Thunderbird (3.1.4)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My First Reading & Spelling Words
Need for Speed Underground 2
NFS Underground
PDFCreator
Pen Pad Driver with Macro Key Manager
Phonics For Beginners
Photosynth 2.0.1403.12
Picasa 3
Power Presenter RE
QLBCASL
QuickTime
RealPlayer Basic
Registry Mechanic 4.0
Remote Control USB Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Serif DrawPlus 4.0
Shark Tale
Sonic Activation Module
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SpongeBob SquarePants - Nighty Nightmare
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Stellarium 0.10.0
Sun Clock 6.5
SUPERAntiSpyware Free Edition
SyncToy 2.0 Beta
The Right Track (R) Software
The Wild Thornberrys Movie
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Ulead VideoStudio 7 SE VCD
Undelete Plus 2.98
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
USB2.0 PC Camera
Vista Codec Package
Vista Default Settings
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
WiTopia.Net personalVPN 1.8
XTrkCAD Model Railroad Design Software
ZoneAlarm Free
.
==== Event Viewer Messages From Past Week ========
.
5/12/2011 8:40:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2011 8:40:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
5/12/2011 8:38:45 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/12/2011 8:38:45 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/12/2011 7:11:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2011 5:59:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2011 5:52:37 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/12/2011 5:44:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/12/2011 8:03:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/11/2011 7:14:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/11/2011 6:08:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/11/2011 2:31:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/12/2011 6:14:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/12/2011 1:24:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/11/2011 6:58:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/11/2011 3:49:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/11/2011 7:26:56 AM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is GLYN-STUDY.
28/11/2011 7:06:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/11/2011 12:38:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/11/2011 11:31:33 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
28/11/2011 11:10:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/12/2011 7:48:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/12/2011 7:14:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2011 7:15:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2011 5:46:23 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.1.1.21. The computer with the IP address 10.1.1.3 did not allow the name to be claimed by this computer.
1/12/2011 5:46:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2011 3:48:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/12/2011 10:18:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

GlyndwrBartlett, pls do not start a new thread for every log. Keep them all in this original thread using the "post reply" button. I have merged them all for ease of reading/replying.

thanks.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

On a side note....Windows Defender is totally useless so just let it be off.

Then you're running three AV programs, Microsoft Security Essentials, avast! Antivirus and Lavasoft Ad-Watch Live! Anti-Virus.
TWO of them has to go.
I suggest Lavasoft is one of them.

When done....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Hi Broni,

I have removed Lavasoft and MSE.

I ran ComboFix. It ran, deleted a few files and the rebooted. When the system restarted I logged in and ComboFix restarted and the ComboFix box containing a blue colour flashed on and off all over the screen. Eventually I was able to catch it and stop it by selecting the upper right hand corner "X". I could not find C\:ComboFix.txt so I rep-ran it. This time no files were deleted and I found C\:ComboFix\ComboFix.txt which I have included.

Regards and thanks for your help,

Glyn

p.s., I shall be traveling for a while with work, however I will keep in touch and will be back on weekends.

ComboFix 11-12-05.04 - Admin 06/12/2011 17:44:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1659 [GMT 11:00]
Running from: C:\Users\Glyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Combofix log is incomplete.
Delete your Combofix file, download fresh one and run it again.

Thanks Broni,

I will do that when I get home this weekend.

Regards,

Glyn

No problem :)

Hi Broni,

I have deleted ComboFix and reinstalled it. Please see below the log from ComboFix. It looks the same as last time. After ComboFix finishes runing it restarts the computer and when I logon ComboFix automatically restarts. Could this result in the log being over writen?

Regards,

Glyn

ComboFix 11-12-09.02 - Admin 09/12/2011 19:50:52.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1676 [GMT 11:00]
Running from: C:\Users\Glyn\Downloads\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

For some reason we're getting just a header of Combofix log.

Try to re-run it from safe mode.

Hi Broni,

Sorry I was not able to run this in safe mode on the weekend. I will do it this weekend.

Regards,

Glyn

No problem :)

Hi Broni,

The old thread is closed so I have attached the ComboFix file contents here. When I started running ComboFix in Safe mode I received a message saying Avast was running. I could not find it running and in the control panel it said it was stopped.

Regards,

Glyn

ComboFix 11-12-16.03 - Admin 17/12/2011 16:46:40.5.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1928 [GMT 11:00]
Running from: C:\Users\Glyn\Downloads\ComboFix\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

You forgot one of my rules which says:

Quote:

---

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

---

This time I'll merge both topics.

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Hi Broni,

Thank you.

Hi Broni,

Please see below.

Regards,

Glyn

12:36:15.0066 5212 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
12:36:16.0953 5212 ============================================================
12:36:16.0953 5212 Current date / time: 2011/12/18 12:36:16.0953
12:36:16.0953 5212 SystemInfo:
12:36:16.0953 5212
12:36:16.0953 5212 OS Version: 6.1.7601 ServicePack: 1.0
12:36:16.0953 5212 Product type: Workstation
12:36:16.0954 5212 ComputerName: MARGMATT
12:36:16.0954 5212 UserName: Admin
12:36:16.0954 5212 Windows directory: C:\Windows
12:36:16.0954 5212 System windows directory: C:\Windows
12:36:16.0954 5212 Running under WOW64
12:36:16.0954 5212 Processor architecture: Intel x64
12:36:16.0954 5212 Number of processors: 2
12:36:16.0954 5212 Page size: 0x1000
12:36:16.0954 5212 Boot type: Normal boot
12:36:16.0954 5212 ============================================================
12:36:18.0165 5212 Initialize success
12:36:31.0787 6844 ============================================================
12:36:31.0787 6844 Scan started
12:36:31.0787 6844 Mode: Manual;
12:36:31.0787 6844 ============================================================
12:36:32.0497 6844 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:36:32.0500 6844 1394ohci - ok
12:36:32.0541 6844 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
12:36:32.0541 6844 Accelerometer - ok
12:36:32.0648 6844 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:36:32.0654 6844 ACPI - ok
12:36:32.0698 6844 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:36:32.0700 6844 AcpiPmi - ok
12:36:32.0795 6844 ADIHdAudAddService (7966c2e1d2fc95bd6246ac1e45ba5e31) C:\Windows\system32\drivers\ADIHdAud.sys
12:36:32.0803 6844 ADIHdAudAddService - ok
12:36:32.0890 6844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:36:32.0900 6844 adp94xx - ok
12:36:32.0951 6844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:36:32.0958 6844 adpahci - ok
12:36:32.0996 6844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:36:33.0000 6844 adpu320 - ok
12:36:33.0075 6844 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:36:33.0085 6844 AFD - ok
12:36:33.0165 6844 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
12:36:33.0186 6844 AgereSoftModem - ok
12:36:33.0226 6844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:36:33.0229 6844 agp440 - ok
12:36:33.0262 6844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:36:33.0264 6844 aliide - ok
12:36:33.0285 6844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:36:33.0286 6844 amdide - ok
12:36:33.0355 6844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:36:33.0358 6844 AmdK8 - ok
12:36:33.0391 6844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:36:33.0394 6844 AmdPPM - ok
12:36:33.0447 6844 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:36:33.0450 6844 amdsata - ok
12:36:33.0497 6844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:36:33.0502 6844 amdsbs - ok
12:36:33.0528 6844 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:36:33.0529 6844 amdxata - ok
12:36:33.0617 6844 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:36:33.0620 6844 AppID - ok
12:36:33.0717 6844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:36:33.0720 6844 arc - ok
12:36:33.0800 6844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:36:33.0803 6844 arcsas - ok
12:36:33.0844 6844 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
12:36:33.0845 6844 aswFsBlk - ok
12:36:33.0874 6844 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
12:36:33.0875 6844 aswMonFlt - ok
12:36:33.0907 6844 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
12:36:33.0908 6844 aswRdr - ok
12:36:33.0990 6844 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
12:36:33.0995 6844 aswSnx - ok
12:36:34.0049 6844 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
12:36:34.0051 6844 aswSP - ok
12:36:34.0099 6844 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
12:36:34.0100 6844 aswTdi - ok
12:36:34.0155 6844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:36:34.0157 6844 AsyncMac - ok
12:36:34.0188 6844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:36:34.0188 6844 atapi - ok
12:36:34.0260 6844 ATSWPDRV (82d355f1442ff1e72002d5293fb15945) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
12:36:34.0262 6844 ATSWPDRV - ok
12:36:34.0345 6844 AVEO (462e1ef714d5c853572462d7f50ef602) C:\Windows\system32\DRIVERS\AVEOdcnt.sys
12:36:34.0352 6844 AVEO - ok
12:36:34.0410 6844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:36:34.0419 6844 b06bdrv - ok
12:36:34.0472 6844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:36:34.0477 6844 b57nd60a - ok
12:36:34.0522 6844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:36:34.0523 6844 Beep - ok
12:36:34.0646 6844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:36:34.0648 6844 blbdrive - ok
12:36:34.0738 6844 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:36:34.0740 6844 bowser - ok
12:36:34.0777 6844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:36:34.0779 6844 BrFiltLo - ok
12:36:34.0808 6844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:36:34.0810 6844 BrFiltUp - ok
12:36:34.0842 6844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:36:34.0849 6844 Brserid - ok
12:36:34.0876 6844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:36:34.0879 6844 BrSerWdm - ok
12:36:34.0912 6844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:36:34.0914 6844 BrUsbMdm - ok
12:36:34.0950 6844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:36:34.0952 6844 BrUsbSer - ok
12:36:34.0987 6844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:36:34.0990 6844 BTHMODEM - ok
12:36:35.0168 6844 catchme - ok
12:36:35.0215 6844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:36:35.0218 6844 cdfs - ok
12:36:35.0278 6844 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:36:35.0281 6844 cdrom - ok
12:36:35.0321 6844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:36:35.0323 6844 circlass - ok
12:36:35.0388 6844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:36:35.0395 6844 CLFS - ok
12:36:35.0474 6844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:36:35.0475 6844 CmBatt - ok
12:36:35.0504 6844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:36:35.0507 6844 cmdide - ok
12:36:35.0564 6844 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:36:35.0574 6844 CNG - ok
12:36:35.0728 6844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:36:35.0729 6844 Compbatt - ok
12:36:35.0768 6844 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:36:35.0770 6844 CompositeBus - ok
12:36:35.0813 6844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:36:35.0815 6844 crcdisk - ok
12:36:35.0914 6844 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:36:35.0918 6844 DfsC - ok
12:36:35.0947 6844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:36:35.0949 6844 discache - ok
12:36:35.0992 6844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:36:35.0993 6844 Disk - ok
12:36:36.0072 6844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:36:36.0073 6844 drmkaud - ok
12:36:36.0158 6844 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:36:36.0165 6844 DXGKrnl - ok
12:36:36.0283 6844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:36:36.0336 6844 ebdrv - ok
12:36:36.0404 6844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:36:36.0414 6844 elxstor - ok
12:36:36.0467 6844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:36:36.0469 6844 ErrDev - ok
12:36:36.0506 6844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:36:36.0510 6844 exfat - ok
12:36:36.0539 6844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:36:36.0544 6844 fastfat - ok
12:36:36.0643 6844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:36:36.0645 6844 fdc - ok
12:36:36.0694 6844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:36:36.0696 6844 FileInfo - ok
12:36:36.0724 6844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:36:36.0727 6844 Filetrace - ok
12:36:36.0752 6844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:36:36.0754 6844 flpydisk - ok
12:36:36.0882 6844 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:36:36.0918 6844 FltMgr - ok
12:36:37.0035 6844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:36:37.0037 6844 FsDepends - ok
12:36:37.0062 6844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:36:37.0063 6844 Fs_Rec - ok
12:36:37.0129 6844 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:36:37.0133 6844 fvevol - ok
12:36:37.0173 6844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:36:37.0176 6844 gagp30kx - ok
12:36:37.0275 6844 HBtnKey (93c3c66d38b0bc08a04f0b28055bc9ac) C:\Windows\system32\DRIVERS\cpqbttn.sys
12:36:37.0275 6844 HBtnKey - ok
12:36:37.0305 6844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:36:37.0307 6844 hcw85cir - ok
12:36:37.0362 6844 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:36:37.0363 6844 HDAudBus - ok
12:36:37.0388 6844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:36:37.0391 6844 HidBatt - ok
12:36:37.0425 6844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:36:37.0428 6844 HidBth - ok
12:36:37.0466 6844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:36:37.0469 6844 HidIr - ok
12:36:37.0518 6844 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:36:37.0520 6844 HidUsb - ok
12:36:37.0607 6844 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
12:36:37.0608 6844 hpdskflt - ok
12:36:37.0672 6844 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:36:37.0674 6844 HpqKbFiltr - ok
12:36:37.0771 6844 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:36:37.0774 6844 HpSAMD - ok
12:36:37.0876 6844 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:36:37.0889 6844 HTTP - ok
12:36:37.0937 6844 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:36:37.0938 6844 hwpolicy - ok
12:36:37.0976 6844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:36:37.0979 6844 i8042prt - ok
12:36:38.0033 6844 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:36:38.0041 6844 iaStorV - ok
12:36:38.0261 6844 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:36:38.0358 6844 igfx - ok
12:36:38.0530 6844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:36:38.0533 6844 iirsp - ok
12:36:38.0578 6844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:36:38.0579 6844 intelide - ok
12:36:38.0629 6844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:36:38.0630 6844 intelppm - ok
12:36:38.0687 6844 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:36:38.0689 6844 IpFilterDriver - ok
12:36:38.0772 6844 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:36:38.0775 6844 IPMIDRV - ok
12:36:38.0818 6844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:36:38.0822 6844 IPNAT - ok
12:36:38.0858 6844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:36:38.0860 6844 IRENUM - ok
12:36:38.0892 6844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:36:38.0894 6844 isapnp - ok
12:36:38.0943 6844 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:36:38.0949 6844 iScsiPrt - ok
12:36:38.0991 6844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:36:38.0992 6844 kbdclass - ok
12:36:39.0024 6844 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:36:39.0026 6844 kbdhid - ok
12:36:39.0077 6844 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:36:39.0079 6844 KSecDD - ok
12:36:39.0132 6844 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:36:39.0135 6844 KSecPkg - ok
12:36:39.0206 6844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:36:39.0208 6844 ksthunk - ok
12:36:39.0260 6844 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
12:36:39.0262 6844 Lbd - ok
12:36:39.0320 6844 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:36:39.0322 6844 lltdio - ok
12:36:39.0377 6844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:36:39.0380 6844 LSI_FC - ok
12:36:39.0418 6844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:36:39.0421 6844 LSI_SAS - ok
12:36:39.0450 6844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:36:39.0453 6844 LSI_SAS2 - ok
12:36:39.0483 6844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:36:39.0486 6844 LSI_SCSI - ok
12:36:39.0510 6844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:36:39.0513 6844 luafv - ok
12:36:39.0631 6844 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
12:36:39.0633 6844 MBAMProtector - ok
12:36:39.0683 6844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:36:39.0686 6844 megasas - ok
12:36:39.0740 6844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:36:39.0746 6844 MegaSR - ok
12:36:39.0838 6844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:36:39.0840 6844 Modem - ok
12:36:39.0874 6844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:36:39.0875 6844 monitor - ok
12:36:39.0915 6844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:36:39.0916 6844 mouclass - ok
12:36:39.0946 6844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:36:39.0948 6844 mouhid - ok
12:36:40.0005 6844 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:36:40.0007 6844 mountmgr - ok
12:36:40.0059 6844 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:36:40.0063 6844 mpio - ok
12:36:40.0092 6844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:36:40.0095 6844 mpsdrv - ok
12:36:40.0159 6844 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:36:40.0163 6844 MRxDAV - ok
12:36:40.0194 6844 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:36:40.0198 6844 mrxsmb - ok
12:36:40.0232 6844 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:36:40.0238 6844 mrxsmb10 - ok
12:36:40.0269 6844 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:36:40.0273 6844 mrxsmb20 - ok
12:36:40.0296 6844 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:36:40.0297 6844 msahci - ok
12:36:40.0332 6844 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:36:40.0337 6844 msdsm - ok
12:36:40.0374 6844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:36:40.0376 6844 Msfs - ok
12:36:40.0413 6844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:36:40.0415 6844 mshidkmdf - ok
12:36:40.0439 6844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:36:40.0440 6844 msisadrv - ok
12:36:40.0479 6844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:36:40.0481 6844 MSKSSRV - ok
12:36:40.0527 6844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:36:40.0530 6844 MSPCLOCK - ok
12:36:40.0622 6844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:36:40.0624 6844 MSPQM - ok
12:36:40.0687 6844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:36:40.0694 6844 MsRPC - ok
12:36:40.0725 6844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:36:40.0726 6844 mssmbios - ok
12:36:40.0758 6844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:36:40.0761 6844 MSTEE - ok
12:36:40.0794 6844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:36:40.0796 6844 MTConfig - ok
12:36:40.0834 6844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:36:40.0836 6844 Mup - ok
12:36:40.0910 6844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:36:40.0916 6844 NativeWifiP - ok
12:36:40.0999 6844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:36:41.0015 6844 NDIS - ok
12:36:41.0047 6844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:36:41.0049 6844 NdisCap - ok
12:36:41.0090 6844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:36:41.0092 6844 NdisTapi - ok
12:36:41.0144 6844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:36:41.0146 6844 Ndisuio - ok
12:36:41.0208 6844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:36:41.0212 6844 NdisWan - ok
12:36:41.0259 6844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:36:41.0261 6844 NDProxy - ok
12:36:41.0302 6844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:36:41.0304 6844 NetBIOS - ok
12:36:41.0361 6844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:36:41.0366 6844 NetBT - ok
12:36:41.0531 6844 NETw4v64 (520d367b45b12a75022b0070fff2b937) C:\Windows\system32\DRIVERS\NETw4v64.sys
12:36:41.0581 6844 NETw4v64 - ok
12:36:41.0821 6844 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:36:41.0904 6844 netw5v64 - ok
12:36:42.0107 6844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:36:42.0110 6844 nfrd960 - ok
12:36:42.0153 6844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:36:42.0156 6844 Npfs - ok
12:36:42.0177 6844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:36:42.0180 6844 nsiproxy - ok
12:36:42.0256 6844 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:36:42.0284 6844 Ntfs - ok
12:36:42.0305 6844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:36:42.0307 6844 Null - ok
12:36:42.0358 6844 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:36:42.0363 6844 nvraid - ok
12:36:42.0407 6844 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:36:42.0412 6844 nvstor - ok
12:36:42.0466 6844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:36:42.0470 6844 nv_agp - ok
12:36:42.0498 6844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:36:42.0501 6844 ohci1394 - ok
12:36:42.0654 6844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:36:42.0657 6844 Parport - ok
12:36:42.0709 6844 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:36:42.0711 6844 partmgr - ok
12:36:42.0747 6844 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:36:42.0750 6844 pci - ok
12:36:42.0771 6844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:36:42.0772 6844 pciide - ok
12:36:42.0799 6844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:36:42.0803 6844 pcmcia - ok
12:36:42.0823 6844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:36:42.0824 6844 pcw - ok
12:36:42.0864 6844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:36:42.0876 6844 PEAUTH - ok
12:36:42.0983 6844 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:36:42.0986 6844 PptpMiniport - ok
12:36:43.0016 6844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:36:43.0018 6844 Processor - ok
12:36:43.0107 6844 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:36:43.0111 6844 Psched - ok
12:36:43.0144 6844 PxHlpa64 (24dd667d22dbd29618947c804e23aa03) C:\Windows\system32\Drivers\PxHlpa64.sys
12:36:43.0145 6844 PxHlpa64 - ok
12:36:43.0220 6844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:36:43.0246 6844 ql2300 - ok
12:36:43.0277 6844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:36:43.0281 6844 ql40xx - ok
12:36:43.0311 6844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:36:43.0314 6844 QWAVEdrv - ok
12:36:43.0349 6844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:36:43.0351 6844 RasAcd - ok
12:36:43.0398 6844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:36:43.0400 6844 RasAgileVpn - ok
12:36:43.0474 6844 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:36:43.0478 6844 Rasl2tp - ok
12:36:43.0505 6844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:36:43.0508 6844 RasPppoe - ok
12:36:43.0530 6844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:36:43.0533 6844 RasSstp - ok
12:36:43.0632 6844 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:36:43.0639 6844 rdbss - ok
12:36:43.0712 6844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:36:43.0714 6844 rdpbus - ok
12:36:43.0759 6844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:36:43.0761 6844 RDPCDD - ok
12:36:43.0791 6844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:36:43.0793 6844 RDPENCDD - ok
12:36:43.0821 6844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:36:43.0823 6844 RDPREFMP - ok
12:36:43.0886 6844 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:36:43.0891 6844 RDPWD - ok
12:36:43.0958 6844 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:36:43.0962 6844 rdyboost - ok
12:36:44.0018 6844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:36:44.0021 6844 rspndr - ok
12:36:44.0117 6844 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
12:36:44.0117 6844 SASDIFSV - ok
12:36:44.0146 6844 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
12:36:44.0148 6844 SASENUM - ok
12:36:44.0176 6844 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
12:36:44.0177 6844 SASKUTIL - ok
12:36:44.0212 6844 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:36:44.0216 6844 sbp2port - ok
12:36:44.0274 6844 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:36:44.0276 6844 scfilter - ok
12:36:44.0325 6844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:36:44.0327 6844 secdrv - ok
12:36:44.0365 6844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:36:44.0367 6844 Serenum - ok
12:36:44.0401 6844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:36:44.0404 6844 Serial - ok
12:36:44.0462 6844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:36:44.0464 6844 sermouse - ok
12:36:44.0521 6844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:36:44.0524 6844 sffdisk - ok
12:36:44.0560 6844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:36:44.0567 6844 sffp_mmc - ok
12:36:44.0650 6844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:36:44.0652 6844 sffp_sd - ok
12:36:44.0683 6844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:36:44.0685 6844 sfloppy - ok
12:36:44.0749 6844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:36:44.0751 6844 SiSRaid2 - ok
12:36:44.0782 6844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:36:44.0785 6844 SiSRaid4 - ok
12:36:44.0829 6844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:36:44.0833 6844 Smb - ok
12:36:44.0910 6844 snapman (d33f37dd403741982dbe99c7b6b6ff63) C:\Windows\system32\DRIVERS\snapman.sys
12:36:44.0914 6844 snapman - ok
12:36:44.0962 6844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:36:44.0963 6844 spldr - ok
12:36:45.0036 6844 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:36:45.0040 6844 srv - ok
12:36:45.0068 6844 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:36:45.0076 6844 srv2 - ok
12:36:45.0106 6844 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:36:45.0111 6844 srvnet - ok
12:36:45.0163 6844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:36:45.0165 6844 stexstor - ok
12:36:45.0220 6844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:36:45.0222 6844 swenum - ok
12:36:45.0323 6844 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys
12:36:45.0333 6844 SynTP - ok
12:36:45.0395 6844 tap0901 (7ccf5587bdcd50c102b526e69da40bf0) C:\Windows\system32\DRIVERS\tap0901.sys
12:36:45.0398 6844 tap0901 - ok
12:36:45.0512 6844 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:36:45.0543 6844 Tcpip - ok
12:36:45.0626 6844 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:36:45.0639 6844 TCPIP6 - ok
12:36:45.0696 6844 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:36:45.0698 6844 tcpipreg - ok
12:36:45.0752 6844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:36:45.0754 6844 TDPIPE - ok
12:36:45.0822 6844 tdrpman (0735948466ec4fd24aa4ad36448c6888) C:\Windows\system32\DRIVERS\tdrpman.sys
12:36:45.0833 6844 tdrpman - ok
12:36:45.0858 6844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:36:45.0861 6844 TDTCP - ok
12:36:45.0926 6844 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:36:45.0929 6844 tdx - ok
12:36:45.0967 6844 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:36:45.0968 6844 TermDD - ok
12:36:46.0018 6844 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
12:36:46.0019 6844 tifsfilter - ok
12:36:46.0064 6844 timounter (ec4fd4d147985a97e881729e808e6f34) C:\Windows\system32\DRIVERS\timntr.sys
12:36:46.0077 6844 timounter - ok
12:36:46.0168 6844 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
12:36:46.0171 6844 TPM - ok
12:36:46.0234 6844 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:36:46.0237 6844 tssecsrv - ok
12:36:46.0311 6844 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:36:46.0314 6844 TsUsbFlt - ok
12:36:46.0392 6844 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:36:46.0393 6844 tunnel - ok
12:36:46.0438 6844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:36:46.0441 6844 uagp35 - ok
12:36:46.0511 6844 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:36:46.0518 6844 udfs - ok
12:36:46.0635 6844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:36:46.0638 6844 uliagpkx - ok
12:36:46.0677 6844 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:36:46.0679 6844 umbus - ok
12:36:46.0707 6844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:36:46.0710 6844 UmPass - ok
12:36:46.0746 6844 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
12:36:46.0749 6844 usbccgp - ok
12:36:46.0783 6844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:36:46.0787 6844 usbcir - ok
12:36:46.0828 6844 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:36:46.0831 6844 usbehci - ok
12:36:46.0878 6844 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:36:46.0885 6844 usbhub - ok
12:36:46.0914 6844 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:36:46.0916 6844 usbohci - ok
12:36:46.0947 6844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:36:46.0949 6844 usbprint - ok
12:36:46.0992 6844 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:36:46.0995 6844 USBSTOR - ok
12:36:47.0024 6844 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:36:47.0026 6844 usbuhci - ok
12:36:47.0074 6844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:36:47.0075 6844 vdrvroot - ok
12:36:47.0126 6844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:36:47.0128 6844 vga - ok
12:36:47.0150 6844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:36:47.0152 6844 VgaSave - ok
12:36:47.0186 6844 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:36:47.0191 6844 vhdmp - ok
12:36:47.0219 6844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:36:47.0222 6844 viaide - ok
12:36:47.0265 6844 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:36:47.0267 6844 volmgr - ok
12:36:47.0332 6844 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:36:47.0338 6844 volmgrx - ok
12:36:47.0372 6844 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:36:47.0377 6844 volsnap - ok
12:36:47.0449 6844 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
12:36:47.0453 6844 Vsdatant - ok
12:36:47.0608 6844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:36:47.0613 6844 vsmraid - ok
12:36:47.0652 6844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:36:47.0654 6844 vwifibus - ok
12:36:47.0776 6844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:36:47.0778 6844 WacomPen - ok
12:36:47.0852 6844 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:36:47.0856 6844 WANARP - ok
12:36:47.0870 6844 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:36:47.0872 6844 Wanarpv6 - ok
12:36:47.0919 6844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:36:47.0922 6844 Wd - ok
12:36:47.0958 6844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:36:47.0969 6844 Wdf01000 - ok
12:36:48.0036 6844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:36:48.0039 6844 WfpLwf - ok
12:36:48.0074 6844 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:36:48.0079 6844 WimFltr - ok
12:36:48.0109 6844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:36:48.0111 6844 WIMMount - ok
12:36:48.0200 6844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:36:48.0201 6844 WmiAcpi - ok
12:36:48.0263 6844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:36:48.0265 6844 ws2ifsl - ok
12:36:48.0342 6844 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:36:48.0346 6844 WudfPf - ok
12:36:48.0390 6844 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:36:48.0395 6844 WUDFRd - ok
12:36:48.0531 6844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:36:48.0536 6844 \Device\Harddisk0\DR0 - ok
12:36:48.0541 6844 Boot (0x1200) (f6354d8a734fc9d5d41869fbc9ac0775) \Device\Harddisk0\DR0\Partition0
12:36:48.0545 6844 \Device\Harddisk0\DR0\Partition0 - ok
12:36:48.0594 6844 Boot (0x1200) (eaa0893ddb5e09df15a366337b0a3b24) \Device\Harddisk0\DR0\Partition1
12:36:48.0595 6844 \Device\Harddisk0\DR0\Partition1 - ok
12:36:48.0613 6844 Boot (0x1200) (4449117adc3558b9ce802c0a42128746) \Device\Harddisk0\DR0\Partition2
12:36:48.0615 6844 \Device\Harddisk0\DR0\Partition2 - ok
12:36:48.0615 6844 ============================================================
12:36:48.0615 6844 Scan finished
12:36:48.0615 6844 ============================================================
12:36:48.0628 4940 Detected object count: 0
12:36:48.0628 4940 Actual detected object count: 0

How is computer doing at the moment?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Thanks Broni,

I get home on Thursday PM so I will try to get this done on Friday.

My wife telephoned me. She lost some folders in her Mozilla Thunderbird email client. Would anything I have done have caused this?

Regards,

Glyn

I don't think so.

Thank you.

You're very welcome https://discussions.virtualdr.com/

Hi Broni,

I am having trouble posting the results back. The file is over 50,000 characters so I split it in half. However, now the VirtualDr web page goes completly white when I then select "submit reply". :confused:

Regards,

Glyn

OTL.TXT part 1

OTL logfile created on: 23/12/2011 8:37:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Glyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.56% Memory free
5.98 Gb Paging File | 4.46 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.04 Gb Total Space | 45.46 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
Drive E: | 8.01 Gb Total Space | 1.01 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
Drive F: | 2.01 Gb Total Space | 1.75 Gb Free Space | 86.95% Space Free | Partition Type: NTFS

Computer Name: MARGMATT | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 08:32:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Glyn\Desktop\OTL.exe
PRC - [2011/11/29 05:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/22 23:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/11 15:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/08/14 14:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/30 18:39:42 | 001,969,824 | ---- | M] () -- C:\Windows\SysWOW64\WTMKM.exe
PRC - [2008/05/07 16:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2007/09/07 22:46:28 | 000,492,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/07 22:04:16 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/07 22:00:52 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/07 21:59:40 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

OTL.txt Part 2

========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/07/30 18:39:42 | 001,969,824 | ---- | M] () -- C:\Windows\SysWOW64\WTMKM.exe
MOD - [2008/03/24 14:22:58 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2007/09/07 02:44:40 | 001,328,408 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
MOD - [2006/08/29 10:29:00 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\ATWTINK.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/08/26 20:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/02/06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/22 23:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/22 03:00:24 | 000,037,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\personalVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/08/14 14:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/09/07 22:46:28 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/07 22:01:02 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/29 04:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/29 04:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/29 04:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/29 04:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/29 04:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/29 04:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 19:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/06/22 03:02:04 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/02/25 01:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/09 10:21:57 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2009/08/09 10:21:57 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/08/09 10:21:52 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/08/09 10:21:48 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2009/07/30 10:00:40 | 000,307,072 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVEOdcnt.sys -- (AVEO)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/11 07:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/11/21 23:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/04/24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/10/31 18:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/02/23 12:39:22 | 000,208,008 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2006/11/03 06:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/07/24 21:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/12/04 17:03:12 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/04 17:03:12 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/12/04 17:03:12 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/17 16:04:22 | 000,281,600 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\aveodcnt.sys -- (AVEO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

OTL.txt Part 3

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ig?sourceid...en&source=iglk
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: [email protected]:0.19.3
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:1.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.3

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/28 07:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/05 07:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/29 16:07:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/29 16:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/29 16:07:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files (x86)\Google\Google Photos Screensaver\FF_ext [2010/02/20 22:06:16 | 000,000,000 | ---D | M]

[2010/02/20 22:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2009/10/09 20:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/28 14:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\extensions
[2010/02/20 22:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/20 22:31:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/28 14:41:14 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/12/22 18:16:51 | 000,000,000 | ---D | M] ("LimeWire Toolbar") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ndy1y90l.default\extensions\[email protected]
[2011/05/15 15:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/14 11:16:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/02/20 22:04:43 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES (X86)\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2010/02/20 22:04:44 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES (X86)\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2010/02/20 22:04:44 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES (X86)\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2010/02/20 22:04:43 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES (X86)\COMETBIRD\EXTENSIONS\[email protected]
[2010/02/20 22:04:43 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES (X86)\COMETBIRD\EXTENSIONS\[email protected]
[2011/03/19 04:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/14 11:16:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 19:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

OTL.txt Part 4

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: avast! WebRep = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Poppit = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/12/06 17:16:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-969322467-523409355-1963906759-1010\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSConfig] C:\Windows\SysNative\msconfig.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CamAppSTI.exe] C:\Program Files (x86)\\USB2.0 PC Camera\CamAppSTI.exe ()
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF20962.3XE /c C:\ComboFix\Combobatch.bat File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\SysWow64\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\personalVPN\bin\openvpn-gui.exe File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [ZoneAlarm Installer] C:\Program Files (x86)\CheckPoint\Install\Launcher.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1010..\Run: [EPSON Stylus Photo TX800FW(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMP.EXE /FU "C:\Windows\TEMP\E_S3285.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1010..\Run: [googletalk] C:\Users\Glyn\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1010..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1011..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1011..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1011..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF20962.3XE /c C:\ComboFixCombobatch.bat File not found
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe (Acresso Software Inc. )
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\Glyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B33FDB0-C903-4916-A62D-3865F6701353}: NameServer = 203.0.178.191,10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16336A87-9120-47C3-8281-8ACC510640EE}: DhcpNameServer = 10.118.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21218833-E2A8-49DF-B63E-851EB6E3189E}: NameServer = 203.0.178.191,10.1.1.1
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

OTL.txt Part 5

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/17 16:56:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2011/12/17 16:42:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 16:42:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 16:42:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 16:41:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/09 19:34:49 | 000,000,000 | --SD | C] -- C:\zaSetupWeb_101_065_000
[2011/12/06 16:58:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/06 16:58:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/05 19:12:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/12/05 19:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 19:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 19:12:21 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/05 19:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/29 16:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/29 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/27 09:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/11/27 09:44:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 08:30:55 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 08:30:54 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 08:27:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 08:27:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/23 08:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 08:22:17 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 07:47:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 18:48:21 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 15:43:53 | 000,618,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/06 17:16:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/06 16:51:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/06 16:50:34 | 000,629,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/06 16:50:34 | 000,112,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/06 16:46:40 | 000,001,354 | ---- | M] () -- C:\Users\Admin\Desktop\Resume ZoneAlarm Security Install.lnk
[2011/12/06 16:35:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/05 20:59:26 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Documents\MBR.dat
[2011/12/05 20:56:40 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/12/05 19:12:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 17:44:58 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/05 17:44:58 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 07:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/29 05:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/29 05:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/29 05:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/29 04:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/29 04:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/29 04:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/29 04:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/29 04:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/29 04:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/27 16:28:57 | 000,749,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 09:45:21 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 16:42:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 16:42:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 16:42:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 16:42:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 16:42:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/05 20:57:39 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Documents\MBR.dat
[2011/12/05 20:51:19 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/12/05 19:12:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 19:48:17 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/04/20 11:34:55 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/20 11:34:55 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/02/20 22:00:05 | 000,755,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/27 13:45:37 | 000,000,832 | ---- | C] () -- C:\Windows\SysWow64\E_ADDNET.DAT
[2009/09/27 12:52:39 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/09/27 12:52:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/09/27 12:52:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/09/27 12:52:39 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/09/27 12:52:39 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/09/27 12:52:39 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/09/27 12:52:39 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/09/27 12:52:39 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/09/27 12:52:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/09/27 12:52:39 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/09/27 12:52:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/09/27 12:52:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/09/27 12:52:39 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/09/27 12:52:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/09/27 12:52:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/09/27 12:52:39 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/09/27 12:52:39 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/09/27 12:52:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/09/27 12:52:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/11 17:03:12 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/08/08 08:56:20 | 000,372,384 | ---- | C] () -- C:\Windows\SysWow64\atwtusb.exe
[2009/08/08 08:56:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\InstallService.exe
[2009/08/08 08:56:19 | 001,969,824 | ---- | C] () -- C:\Windows\SysWow64\WTMKM.exe
[2009/08/08 08:56:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2009/08/08 08:56:18 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/08/08 08:56:17 | 000,010,251 | ---- | C] () -- C:\Windows\SysWow64\Vista.ini
[2009/08/08 08:56:17 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\XP_2000.ini
[2009/08/08 08:56:17 | 000,007,261 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/08/08 08:56:17 | 000,000,593 | ---- | C] () -- C:\Windows\SysWow64\MKProfile.ini
[2009/08/07 20:15:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll
[2009/08/07 20:04:32 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/02 22:20:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/02/24 21:31:59 | 000,002,004 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/22 11:11:30 | 000,000,076 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\7ac6d22d.dat
[2008/12/07 13:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/12/07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/24 15:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/06/06 22:47:12 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\Sun Clock 6.ini
[2008/02/09 10:04:39 | 000,000,100 | ---- | C] () -- C:\Windows\Sharktales.INI
[2007/12/25 19:17:36 | 000,000,081 | ---- | C] () -- C:\Windows\HUMANJAP.INI
[2007/11/17 14:45:29 | 000,000,099 | ---- | C] () -- C:\Windows\MFRWORDS.INI
[2007/11/17 14:41:09 | 000,000,108 | ---- | C] () -- C:\Windows\ABC.ini
[2007/11/17 14:32:09 | 000,000,103 | ---- | C] () -- C:\Windows\Pfb.ini
[2007/09/17 22:05:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/07/07 12:22:56 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2007/07/07 12:22:56 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2007/07/07 12:22:56 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2007/07/07 12:22:56 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2007/07/07 12:22:56 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2007/07/07 12:22:56 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2007/05/10 00:36:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/20 01:30:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/19 17:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/19 17:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[1998/05/07 13:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== LOP Check ==========

[2010/02/20 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CometNetwork
[2010/02/20 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Epson
[2010/02/20 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo
[2010/09/04 19:56:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LimeWire
[2010/02/20 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Map Maker
[2010/02/20 22:31:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SecondLife
[2010/02/20 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\System
[2010/02/20 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2010/05/30 11:06:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XTrackCad
[2010/02/20 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\AVEO
[2011/05/28 14:41:53 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\CheckPoint
[2010/02/20 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\Epson
[2010/02/20 22:26:02 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\InterVideo
[2010/09/04 13:48:33 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\LimeWire
[2010/02/20 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\Map Maker
[2010/02/20 22:26:08 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\OpenOffice.org
[2009/08/01 16:29:30 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\SampleView
[2010/02/20 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\SecondLife
[2011/05/28 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\Thunderbird
[2010/10/02 10:29:13 | 000,000,000 | ---D | M] -- C:\Users\Glyn\AppData\Roaming\TomTom
[2010/02/20 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Babylon
[2010/02/20 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Epson
[2010/02/20 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\InterVideo
[2010/02/20 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Map Maker
[2010/03/30 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\OpenOffice.org
[2010/02/20 22:31:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Stellarium
[2009/04/01 12:01:49 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\System
[2010/10/04 08:54:51 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Thunderbird
[2010/02/20 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Babylon
[2010/02/20 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\CometNetwork
[2010/02/20 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Epson
[2010/02/20 22:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\InterVideo
[2010/02/20 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\OpenOffice.org
[2010/10/03 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Thunderbird
[2011/12/06 16:35:46 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/16 16:24:36 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/06 16:33:46 | 000,699,100 | ---- | M] () -- C:\aaw7boot.log
[2010/11/20 23:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/02/21 16:52:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/20 19:41:51 | 000,000,584 | ---- | M] () -- C:\Ciam_LogFile.log
[2007/05/10 01:43:14 | 000,000,000 | ---- | M] () -- C:\C_USERPART
[2011/12/23 08:22:17 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/04 21:02:04 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2011/11/27 14:25:45 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2008/03/02 16:11:46 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2008/03/02 16:11:47 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{b644e7a3-e80c-11dc-942f-0017a4e21afb}.TM.blf
[2008/03/02 16:11:47 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b644e7a3-e80c-11dc-942f-0017a4e21afb}.TMContainer00000000000000000001.regtrans-ms
[2008/03/02 16:11:47 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b644e7a3-e80c-11dc-942f-0017a4e21afb}.TMContainer00000000000000000002.regtrans-ms
[2008/03/02 18:14:36 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{b644e7cf-e80c-11dc-942f-0017a4e21afb}.TM.blf
[2008/03/02 18:14:36 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b644e7cf-e80c-11dc-942f-0017a4e21afb}.TMContainer00000000000000000001.regtrans-ms
[2008/03/02 18:14:36 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b644e7cf-e80c-11dc-942f-0017a4e21afb}.TMContainer00000000000000000002.regtrans-ms
[2011/12/23 08:22:24 | 3212,107,776 | -HS- | M] () -- C:\pagefile.sys
[2011/12/18 12:39:30 | 000,077,924 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_18.12.2011_12.36.15_log.txt
[2008/03/02 16:10:17 | 000,441,446 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2009/07/14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/29 05:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/02 21:38:44 | 000,000,286 | -HS- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2010/02/20 23:39:12 | 000,000,221 | -HS- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/10/01 15:08:14 | 014,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd160.exe
[2009/02/24 19:03:31 | 013,352,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd162.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/09/03 15:10:19 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/09/03 15:10:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/05/15 11:38:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/05/15 11:38:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/10 20:04:01 | 000,000,402 | -HS- | M] () -- C:\Users\Admin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Extras.txt

OTL Extras logfile created on: 23/12/2011 8:37:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Glyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.56% Memory free
5.98 Gb Paging File | 4.46 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.04 Gb Total Space | 45.46 Gb Free Space | 32.69% Space Free | Partition Type: NTFS
Drive E: | 8.01 Gb Total Space | 1.01 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
Drive F: | 2.01 Gb Total Space | 1.75 Gb Free Space | 86.95% Space Free | Partition Type: NTFS

Computer Name: MARGMATT | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{39F7DC26-E18C-4D3B-A79B-A62DBB7B1BD6}" = HP 3D DriveGuard
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 64 bit components
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"EPSON TX800FW Series" = EPSON TX800FW Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}" = Google Photos Screensaver
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{091A6E73-BAE9-470F-A68A-B204E8C0698D}" = ESU for Microsoft Vista
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B63D49E-6AF1-4783-9D77-615BE336704A}" = Shark Tale
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AF6BFD2-D368-4F81-9B82-D3B1414351C8}" = Power Presenter RE
"{6FE30813-AC60-40A3-BE53-F6713A1F3893}" = HP Wireless Assistant
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7235252A-39A3-4889-AF58-18B82040310E}" = USB2.0 PC Camera
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F63AA99-0E74-4703-B186-CAC15ADE95CA}" = Phonics For Beginners
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11}" = Microsoft WorldWide Telescope
"{ECAAC00F-74C7-4F1C-A110-F526ED630044}" = SpongeBob SquarePants - Nighty Nightmare
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3666943-0411-41D1-8015-8B572B6E91A7}" = SyncToy 2.0 Beta
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"BitComet" = BitComet 1.10
"Celestia_is1" = Celestia 1.5.1
"CometBird (3.0.7)" = CometBird (3.0.7)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW User’s Guide" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
"FUN ON ALPHABET FARM" = FUN ON ALPHABET FARM
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Human Japanese" = Human Japanese
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Jimmy Neutron vs. Jimmy Negatron" = Jimmy Neutron vs. Jimmy Negatron
"LimeWire" = LimeWire 5.5.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Map Maker Pro" = Map Maker Pro 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"My First Reading & Spelling Words" = My First Reading & Spelling Words
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 4.0
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"SecondLife" = SecondLife (remove only)
"SerifDrawPlus40" = Serif DrawPlus 4.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Stellarium_is1" = Stellarium 0.10.0
"Sun Clock" = Sun Clock 6.5
"The Right Track (R) Software" = The Right Track (R) Software
"The Wild Thornberrys Movie_is1" = The Wild Thornberrys Movie
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UndeletePlus_is1" = Undelete Plus 2.98
"Universe Sandbox" = Universe Sandbox
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WiTopia.Net personalVPN 1.8" = WiTopia.Net personalVPN 1.8
"XTrkCAD" = XTrkCAD Model Railroad Design Software
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 20/11/2009 10:01:12 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 11/12/2009 9:55:01 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 12/12/2009 7:28:12 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 17/12/2009 5:31:29 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 21/12/2009 5:55:53 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 25/12/2009 11:08:44 PM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 27/12/2009 3:29:38 AM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 10/01/2010 12:35:30 AM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 14/04/2010 3:53:29 AM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

Error - 12/08/2010 1:49:02 AM | Computer Name = MargMatt | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 20/12/2011 4:18:54 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8392

Error - 20/12/2011 4:18:55 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20/12/2011 4:18:55 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9484

Error - 20/12/2011 4:18:55 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9484

Error - 20/12/2011 4:18:56 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20/12/2011 4:18:56 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10592

Error - 20/12/2011 4:18:56 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10592

Error - 20/12/2011 4:19:03 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20/12/2011 4:19:03 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16801

Error - 20/12/2011 4:19:03 PM | Computer Name = MargMatt | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16801

[ System Events ]
Error - 22/12/2011 12:36:47 AM | Computer Name = MargMatt | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 22/12/2011 2:45:46 AM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 2:45:46 AM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 2:46:44 AM | Computer Name = MargMatt | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 22/12/2011 3:55:53 PM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 3:55:53 PM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 3:56:46 PM | Computer Name = MargMatt | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 22/12/2011 5:22:16 PM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 5:22:16 PM | Computer Name = MargMatt | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 22/12/2011 5:23:38 PM | Computer Name = MargMatt | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Hi Broni,

This is the end of the txt files.

Thanks,

Glyn

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\personalVPN\bin\openvpn-gui.exe File not found
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKU\S-1-5-21-969322467-523409355-1963906759-1010..\Run: [EPSON Stylus Photo TX800FW(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMP.EXE /FU "C:\Windows\TEMP\E_S3285.tmp" /EF "HKCU" File not found
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF20962.3XE /c C:\ComboFixCombobatch.bat File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\Glyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-969322467-523409355-1963906759-1010\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-969322467-523409355-1963906759-1011\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

Hi Broni,

This is the log file. I will now do the rest of the work.

Regards,

Glyn

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1011\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1011\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\openvpn-gui deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMechanic deleted successfully.
Registry value HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1010\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus Photo TX800FW(Network) deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NoIE4StubProcessing deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
C:\Users\Glyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk moved successfully.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk moved successfully.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk moved successfully.
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry value HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-21-969322467-523409355-1963906759-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 18909718 bytes
->Java cache emptied: 12125862 bytes
->FireFox cache emptied: 71405011 bytes
->Google Chrome cache emptied: 6249370 bytes
->Flash cache emptied: 1254 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Glyn
->Temp folder emptied: 635343 bytes
->Temporary Internet Files folder emptied: 33885332 bytes
->Java cache emptied: 24393325 bytes
->FireFox cache emptied: 31150251 bytes
->Google Chrome cache emptied: 200012331 bytes
->Apple Safari cache emptied: 9285632 bytes
->Flash cache emptied: 25608 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 226022117 bytes
->Java cache emptied: 40692132 bytes
->FireFox cache emptied: 11307446 bytes
->Google Chrome cache emptied: 81316051 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 980431 bytes

User: Mum
->Temp folder emptied: 3902028 bytes
->Temporary Internet Files folder emptied: 295911447 bytes
->Java cache emptied: 37043850 bytes
->FireFox cache emptied: 3499867 bytes
->Google Chrome cache emptied: 33754228 bytes
->Flash cache emptied: 77381 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 546918 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,090.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Glyn
->Flash cache emptied: 0 bytes

User: Matthew
->Flash cache emptied: 0 bytes

User: Mum
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12242011_175741

Files\Folders moved on Reboot...
File move failed. C:\Users\Glyn\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJB76SES\918[2].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJB76SES\bind[2].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJB76SES\showthread[3].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8AQQ89G\bizo_multi[1].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8AQQ89G\frame[1].htm not found!
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8AQQ89G\frame[2].htm moved successfully.
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8AQQ89G\mail[2].htm moved successfully.
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8AQQ89G\partner[1].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXLO244E\fastbutton[1].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXLO244E\fastbutton[2].htm not found!
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXLO244E\mail[3].htm moved successfully.
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W3G715J\frame[1].htm not found!
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W3G715J\mail[9].htm moved successfully.
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W3G715J\partner[1].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W3G715J\partner[2].htm not found!
File\Folder C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W3G715J\plusone_gadget[1].htm not found!
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Glyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Windows\temp\WebEx\Log\1224\atashost.log moved successfully.
C:\Windows\temp\ZLT029d7.TMP moved successfully.

Registry entries deleted on Reboot...

Hi Broni,

I tried to install Java by both sedlecting "run" and then "Save as" and then running the download (jre-6u30-windows-i586-iftw). On both occassions I got the message "Error - Java(TM) Installer", "The installer cannot proceed with the current Internet Connection setings. Please visit the following site for more information. http://java.com/en/download/help"

Regrds,

Glyn

Run JavaRa first.
Then go here: http://www.java.com/en/download/manual.jsp and download standalone installation file - Windows 7, XP Offline

Hi Broni,

This is the result of SecurityCheck.exe.

Regards,

Glyn

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm Free
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!
Mozilla Thunderbird (3.1.4) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
windows defender MpCmdRun.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Hi Broni,

Below is the ESETScan results.

Regards,

Glyn

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch128.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch133.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch261.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch263.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch264.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch266.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch267.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch268.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch270.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch281.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch308.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch313.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch390.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/0...ut-any-extras/

===========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=============================================================

Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

---

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.