..and Extras.txt...
Looks like the Japanese isn't the issue. I just need to beat this BBS over the head with a hammer repeatedly to make this amount of data go through.
I'll keep trying to post until it sticks. Hopefully I won't piss anything/anyone off in the process.
I'm trying, Broni. It refuses to post.
Extras.txt 3rd Try
OTL Extras logfile created on: 5/15/2012 12:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Carl\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 71.60% Memory free
7.73 Gb Paging File | 6.50 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 54.92 Gb Free Space | 54.92% Space Free | Partition Type: NTFS
Drive D: | 349.68 Gb Total Space | 134.12 Gb Free Space | 38.35% Space Free | Partition Type: NTFS
Computer Name: FELLCASTER | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07826117-8CAF-4AA6-BAF4-BE7FBC623A63}" = lport=138 | protocol=17 | dir=in | app=system |
"{15FEE67F-4638-4F7E-A088-587162D81713}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AB69542-47AD-4D49-950C-7A6041EC1CAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1CB1B569-1DD2-46F4-AB66-92602490782D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{225A95F5-081E-42F2-96C2-7794996444CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DC9B351-6575-443F-BD07-87CF3E864C80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{494426B0-462B-4DBC-97E6-9864A8C43F4B}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AD51488-6DA0-4485-B072-9C0410DB65C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54A764A9-628B-4A59-A209-CFF9EF376785}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D7F1B5A-F009-4101-A214-4B542B82A43F}" = lport=445 | protocol=6 | dir=in | app=system |
"{75028C31-C5AD-4361-95E5-8E21E9A67F66}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F1E8C26-825B-47C1-87F8-F5ECDCF4FB00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2FB53F8-C2DF-4B50-AAF0-C7BCC654C0C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD0C69B4-C6A3-4B26-BF23-A6FFCD3FF9D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7F04FD1-126F-496F-8BED-3AE87DC2DA40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C6D3318E-1F75-4D35-AFA8-343E5989B994}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D7CDF5E0-38E1-4500-9C3E-19E2ABAFC209}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D8A12424-959C-408B-9FD5-D59A565E2E3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1F4796A-DAC4-4B8A-B7A0-408535B657D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC38626C-6623-461F-A4F9-CA5D1782066E}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE29F894-96C0-4A7D-AD4A-B88CCE534FBE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F4403335-4FDB-47CD-9978-113215933F28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6D9DB55-95FB-4BF0-A65F-CF7B7A178D76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA32BE88-DC40-4715-AF5C-9C7C88545CF2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF03DD32-796B-43FC-A480-F48D710BC196}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEE12E-D278-4D0C-BE82-A609CBA25CE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{03684D9C-B2C9-4B71-B8F9-9489C18F9AFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{041F00A5-47E2-4F20-979F-8264C23DD8E8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{095112DB-2165-48BD-A9C6-0BBA6B3A99FD}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{0A561CBB-DE8D-4BE7-87B9-CFDF78CCB244}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{0C9164D3-C0FF-4D92-BE37-2F2399810DF3}" = protocol=1 | dir=out | [email protected],-28544 |
"{14E91A6F-8D34-45F0-9367-1C6D623A1B8C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{17655455-DB31-432F-98DD-E2B5910EF26E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{1B9AB31F-EB3B-4546-B948-83F37E93E2BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{1C3B9302-734B-486F-8343-2F05960EFEED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{25713079-C6EC-4E75-8FCC-F537C88C50D3}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{27CD9F7F-C04C-4A28-BE64-8EE9804802CF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2A8C84CF-7E4C-46B8-9F7A-7BEFA2400952}" = protocol=1 | dir=in | [email protected],-28543 |
"{2AC87BA2-8EE3-4C22-A952-F09426143CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2C62962B-62BB-444A-9985-140236EE388B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{30203E9B-55D1-495E-A399-70D23AC1BE85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31EC9566-43C5-497A-97AF-E6EED65BA246}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{32D98240-5F4B-4BBD-93F7-A43CD879961B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{3884C5D6-E982-4DF1-948D-F55A93B5780A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{38D559B7-F620-48E7-8C80-CA8FC62A2D26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C81832A-0696-4E2F-9ABF-3C89BD7E2312}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{3CA0B081-1E67-4652-B06B-10DDCB80DDD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4131107A-64F5-4936-9691-F2DEA9F9D7E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42132FE8-52BE-466F-B66F-B7DEF36ACAF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4408B926-B6F1-402A-A08B-85A82CFBB420}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{443F48CF-766B-4983-AD8A-10C4866D1914}" = protocol=58 | dir=out | [email protected],-28546 |
"{4601BF27-6B3C-40C9-9521-705AF9743229}" = protocol=6 | dir=out | app=system |
"{497DC5E2-60E2-45A1-ACB5-314A1F1644F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fellcaster\counter-strike\hl.exe |
"{4C8B4288-25BE-46F9-970B-5BD861D16C65}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4CE99B91-692B-4BC3-92A6-F362C3AB297E}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv beta version\ffxivboot.exe |
"{4DC70B61-03FC-4DA4-A2FC-40C72E3518A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4E3B664E-D5FC-4DE1-A4C7-8DE28094830E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4F036393-C6A0-45B6-8265-1FEE1538A37C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{4F87157E-B4FD-446F-9197-610DA814FF25}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv beta version\ffxivboot.exe |
"{5170AC0A-A17A-4C3F-8809-0C4544421378}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{590AD0FA-25EF-45CB-9763-4725D3805A2D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5B376C74-F6D5-4D50-8327-0FD34E6FA3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{5F18081D-E7C2-443F-9487-C3F4C676A91F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FE06D4F-B080-4B40-9535-E6C4FE93142B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62FAD06D-A8AB-431C-B08B-55D86AEDF2F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{683DACCD-8CB1-449F-8644-F205A623C644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{68B7B5C7-6AFF-411F-BEE1-0944256D7C3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69E8C8EF-4EBB-4188-9F0B-4E3E29291FCE}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{70D79709-930C-4E3A-99A0-403A9561F3E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{7243650B-6C0F-418D-B7D6-59BA2049F1A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7459ECF8-99B6-4A46-BAA1-1B06FE19205F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{78CCFA36-5D77-482A-BB96-1F7C82735C75}" = protocol=6 | dir=in | app=d:\ventrilo\ventrilo.exe |
"{7D60FDC2-AF24-451C-87E7-E39545C1E89E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{7F22EFE5-DA6C-4564-AC58-533E9D435730}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{80244E8A-BA11-4F73-B1B0-E09DCCA17228}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{80886B0D-D1A5-4AE8-B967-4DC6425E5053}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{871DD04F-6AF7-4A64-9652-C156C1976332}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{8793A325-3121-4444-AFB4-55DF060468F3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{88E4C62F-613D-4E0D-A7E3-60B254509E46}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8AABCB0F-348F-401C-87B0-736302FB05CC}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{8D94942F-BA4F-48FA-9836-52801EDF38F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9901196C-2995-4782-B3F3-A3B27355691F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
"{9EC80422-575F-4EC0-9F15-5DBB445358E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0F4FA7D-E167-47D4-B6E1-22CD65655A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{A97A79B8-CF77-41E2-B532-F060A7E351E2}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{B408FD3D-B8B0-4A9C-AEEE-B81CD5D2D4EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{B47645D7-C9FE-4502-9553-A84977986587}" = protocol=58 | dir=in | [email protected],-28545 |
"{B6754E04-C4CA-4422-923D-406B96C0F111}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{B721E76E-E7D8-4DB5-BC26-0B19CECC56F8}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{B89471CC-EF84-49FE-888D-97148DC17CD4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{B8B41E5C-4A5F-48EC-AEDD-2E5CF6FD81C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{BA110CB2-F570-4BC9-93DE-F997391069EF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
"{BE59CE90-88A4-4314-B672-3B2671AF2853}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C09598D9-06B3-456F-85A2-85AB9257D357}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{C8EEAF1F-9EE2-423F-B192-CF3281601FD9}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{CC23D8C5-D328-41BD-B332-8A0BB92F8E63}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{CEF8242A-5548-49BC-9FF8-39FBEE85ABE3}" = protocol=17 | dir=in | app=d:\ventrilo\ventrilo.exe |
"{CF6BA1E4-029F-447E-A5D5-53F4F0E47ED6}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{DC2338C7-8C5E-488E-83E7-4A1378E55238}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCE1C9C5-6493-48A3-A7DE-398E18E036A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DEB5E29F-42DB-4F72-9904-066F4751D17E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{E0D7C2E6-32A6-4FE4-9928-904A5B5114B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{E4A3E071-3A1A-4296-892F-82939EFEB310}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED0F17BF-3FD0-42F0-A1CA-6A6D38E3FB3A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{F04336C1-7A3B-4F04-AEAA-DEF7871A608C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{F1297163-02BD-49DF-BBB4-D6A29F330625}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2B01D00-9575-4B06-ABEF-ACC87C32F110}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{FC382124-59E7-4D4F-AD21-79548E929E69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF9A3572-3030-4450-B581-2012799B79C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{179591F0-0BA9-4906-BB8D-4D6BB542FCDC}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\zp562o03\hfs[1].exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\zp562o03\hfs[1].exe |
"TCP Query User{1DC4C647-7B89-429F-95E1-7DE828C9E96A}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{2CC30559-D0A9-4BA1-9058-9E3CDB094844}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{3FD72812-E798-4037-B982-D0B92A2DFED3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4DBE7270-C7D9-4DE2-8D86-FDB8C7B3EA18}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\5nmi4dhh\hfs[1].exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\5nmi4dhh\hfs[1].exe |
"TCP Query User{548EE947-31DE-407A-AA97-5EF38E2F3FA9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5580E3C9-00A2-44E5-A90C-4675F7C5F471}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{5A0403D2-13F2-4E70-82A4-A669C6E3625F}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\12sle4q0\hfs[1].exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\12sle4q0\hfs[1].exe |
"TCP Query User{653002BA-DD15-4BA8-9FC5-19C9E782126C}C:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"TCP Query User{79B4556D-81B8-4884-B919-DBECA7BB068F}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{89386F95-314E-484C-9798-5E9ACAE4A39D}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{9099D123-EDC5-46EC-8C75-28D023BDB2B2}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"TCP Query User{AAB8C842-90B6-4865-8AC6-015E0B83862F}C:\game\softnyxgame\gunboundis\nyxlauncher.exe" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\nyxlauncher.exe |
"TCP Query User{B1E197C7-9329-43FC-A3EC-EE0D454407B7}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"TCP Query User{C96DCF24-6E26-4951-BCFE-983B93F27430}D:\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\diablo ii\game.exe |
"TCP Query User{D3A7F5DC-FBF2-4C47-A5DA-DDC6224E0B32}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2BF577ED-E81D-46A3-8507-E506FB196CD7}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{50F51402-1DFF-48E3-8240-6E636ECF0A19}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{69AEADC8-0502-4F02-8239-08953B99AC9C}C:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"UDP Query User{69E21596-F40A-4165-9EF6-C6B6BD097995}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{71578DFA-A14B-44DB-A95E-5D6D7EDA9691}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"UDP Query User{99208439-1C1B-4F04-A5ED-72F5F4395E02}C:\game\softnyxgame\gunboundis\nyxlauncher.exe" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\nyxlauncher.exe |
"UDP Query User{9AFA0720-78FB-420B-96A3-203AFEA07618}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{9D3F83C6-95B6-40CC-9535-F353AC70D222}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\12sle4q0\hfs[1].exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\12sle4q0\hfs[1].exe |
"UDP Query User{AAECC632-4A88-4281-B219-41E05C38FFED}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{C8B3E5E0-1650-460B-BEA2-73E24DA7518A}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\5nmi4dhh\hfs[1].exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\5nmi4dhh\hfs[1].exe |
"UDP Query User{C93508CE-B372-487C-A872-A129FA50C63D}C:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\zp562o03\hfs[1].exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\local\microsoft\windows\temporary internet files\content.ie5\zp562o03\hfs[1].exe |
"UDP Query User{CFC3FE26-8F41-4F26-AA01-41A745061C2A}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{D5F07232-14F4-4607-870B-3BB99A646F5A}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{E6BEE2C6-2871-4AB5-A48D-2B2964A54333}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E77A9CA1-C53B-42FE-B5CB-4E8A23C40145}D:\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\diablo ii\game.exe |
"UDP Query User{F8B375B2-E13B-4624-9CF4-18769310DB0D}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Sandboxie" = Sandboxie 3.54 (64-bit)
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019625D4-BC90-4D8E-B1D5-41BEB59E4E06}_is1" = Lightning Warrior Raidy II v1.1s
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B67A13-8501-48CB-B747-9D413BDC4594}" = BatteryLifeExtender
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CMJ)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{65678DF6-BF29-4B89-B473-9C15E4725E4A}_is1" = Ruby 1.8.6-p287
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = MKV player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B922DA9D-747A-4681-A730-D14326C6738F}" = MultimediaPOP
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BitTorrent" = BitTorrent
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Diablo II" = Diablo II
"Free RAR Extract Frog" = Free RAR Extract Frog
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JHHKIOMLICLFICMMJCIGICMMIDIKIDEBIDIL" = 陽射しの中のリアル
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lich_is1" = The Lich v3.57
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Simutronics Game Entry" = Simutronics Game Entry
"Steam App 10" = Counter-Strike
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 49480" = Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
"Sweet Plumcot" = Sweet Plumcot
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virgin Roster" = Virgin Roster
"VLC media player" = VLC media player 1.1.11
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.7.0
"Windows Grep_is1" = Windows Grep 2.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-114453956-2636402065-546677835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/12/2012 9:26:23 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 1:13:30 AM | Computer Name = Fellcaster | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 5/13/2012 2:56:13 AM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 3:55:00 AM | Computer Name = Fellcaster | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 5/13/2012 2:32:49 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 6:39:47 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 6:50:01 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 7:09:52 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 5/13/2012 7:21:02 PM | Computer Name = Fellcaster | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
Error - 5/13/2012 7:39:18 PM | Computer Name = Fellcaster | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
[ System Events ]
Error - 5/14/2012 7:26:33 AM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 5/14/2012 7:32:35 AM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 5/14/2012 7:46:26 AM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 5/14/2012 7:48:01 AM | Computer Name = Fellcaster | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 5/14/2012 7:48:01 AM | Computer Name = Fellcaster | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 5/14/2012 7:48:32 AM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 5/14/2012 7:49:27 AM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 5/14/2012 8:35:52 PM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 5/14/2012 8:37:54 PM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 5/14/2012 8:38:51 PM | Computer Name = Fellcaster | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
< End of report >
There we go. I snuck it in as an edit.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-114453956-2636402065-546677835-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab (Reg Error: Key error.)
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
=============================================================
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run from.
- Please copy and paste the log to your reply.
3. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on the Start button to begin the cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
4. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
Whew... ok. I'll get to work! =)
Oh... when running OTL, should I use whatever default settings it selects, or, like before, should I be sure to check ALL USERS?
Defaults are fine.
Ok, thanks!
OTL fix log:
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-114453956-2636402065-546677835-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Carl
->Temp folder emptied: 31757 bytes
->Temporary Internet Files folder emptied: 227021673 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 216967 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: EAS
->Temp folder emptied: 1747 bytes
->Temporary Internet Files folder emptied: 7534539 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 566 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1713929 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 226.00 mb
[EMPTYJAVA]
User: All Users
User: Carl
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: EAS
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Carl
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: EAS
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.43.0 log created on 05152012_202008
Files\Folders moved on Reboot...
C:\Users\Carl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Checkup.txt
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.0
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Out of date Java installed!
Adobe Flash Player ( 10.1.82.76) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
farbar.txt
Farbar Service Scanner Version: 11-05-2012
Ran by Carl (administrator) on 15-05-2012 at 20:41:26
Running from "C:\Users\Carl\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
And finally...
ESET results
C:\COMPRESSED\[cheat-project.com]_Super_Simple_Wall_v2.51_2007-06-23.zip Win32/Packed.Themida.B trojan deleted - quarantined
C:\[cheat-project.com]_Super_Simple_Wall_v2.51_2007-06-23\Super Simple Wall v2.51.dll Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
D:\VeohWebPlayerSetup_eng.exe Win32/Toolbar.Zugo application deleted - quarantined
D:\windows.7.codec.pack.v2.7.0.setup.exe Win32/Toolbar.Widgi application deleted - quarantined
Uninstall:
JavaFX 2.1.0
Java(TM) 6 Update 29
================================================================
Your computer is clean.
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please let me know how your computer is doing.